O'Reilly logo

Cisco IOS in a Nutshell, 2nd Edition by James Boney

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 15. Router Security

Before deploying a router, you should secure it: that is, you should do everything you can to prevent the router from being misused, either by people within your own organization or by intruders from the outside. This chapter describes the first simple steps you can take toward router security ; however, it’s not a complete discussion by any means. I don’t do anything more than point you in the right direction. For more security review and hints, you might want to look at some O’Reilly titles, especially Hardening Cisco Routers by Thomas Akin and Cisco Cookbook by Kevin Dooley and Ian J. Brown.

Securing Enable Mode Access

One of the basic security items you need to protect is access to the enable mode, which allows a user access to the router’s configuration and boot information. You want to protect this mode as much as possible and give access only to people who really need it and who know what they are doing. For this section, we’ll look at setting the enable password , the enable secret command (which provides additional security), and enable privilege levels.

Setting the Enable Password

The enable password grants the user access to your complete router configuration. It’s much like the superuser or root password on a Unix system or like the Administrator password on Windows. It must be guarded carefully. In Chapter 3, I showed how to set the enable password:

    Router(config)#enable password mypassword

The problem with setting the password this way is ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required