Skip to Content
CISCO IOS in a Nutshell
book

CISCO IOS in a Nutshell

by James Boney
December 2001
Intermediate to advanced
608 pages
25h 14m
English
O'Reilly Media, Inc.
Content preview from CISCO IOS in a Nutshell

Chapter 13. Router Security

Before deploying a router, you should secure it: that is, you should do everything you can to prevent the router from being misused, either by people within your own organization or by intruders from the outside. This chapter describes the first simple steps you can take toward router security; however, it’s not a complete discussion by any means. I don’t do anything more than point you in the right direction.

The enable Password

The enable password grants the user access to your complete router configuration. Therefore, it should be guarded carefully. In previous chapters, I showed how to set your enable password:

enable password mypassword

The problem with setting the password this way is that mypassword is your actual password; anyone looking over your configuration files can see the password, and at that point, it’s no longer a secret. Generally speaking, the accepted wisdom for managing passwords is that they should never be written down in clear text—not even in a configuration file that you think no one has access to. Obviously, there are plenty of ways for a clear-text password to leak out: for example, you might print the configuration file so you can take it home to think through some arcane route-redistribution problem and forget that the password is clearly visible to anyone hanging around the printer.

The solution to this problem is to use some sort of encryption. The simplest way to enable encryption is to use the command service password-encryption ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

Cisco IOS in a Nutshell, 2nd Edition

Cisco IOS in a Nutshell, 2nd Edition

James Boney
Cisco IOS XR Fundamentals

Cisco IOS XR Fundamentals

Mobeen Tahir, Mark Ghattas, Dawit Birhanu, Syed Natif Nawaz

Publisher Resources

ISBN: 156592942XCatalog PageErrata