Skip to Main Content
JUNOS High Availability
book

JUNOS High Availability

by James Sonderegger, Orin Blomberg, Kieran Milne, Senad Palislamovic
August 2009
Intermediate to advanced content levelIntermediate to advanced
690 pages
20h 14m
English
O'Reilly Media, Inc.
Content preview from JUNOS High Availability

Hardening the Device

A critical element of ensuring high availability for your JUNOS device involves protecting and hardening it from outside attacks. The following are issues to consider.

Use a Strong Password, and Encrypt It

It is amazing how many networking devices in production networks have weak passwords or, worse yet, still have default passwords in place! Ensuring that your devices use strong passwords is one of the simplest steps you can take to harden the device. Every company has its own standard for what constitutes a “strong” password, but a good guideline is to use at least eight characters, and a mix of upper- and lowercase letters, numbers, and symbols.

Note

JUNOS devices require that passwords be at least six characters long and contain at least one change of case or character class (i.e., numbers or symbols).

There are a variety of ways to enter passwords for user accounts on JUNOS devices. The following example shows the password options for an account called testuser:

[edit system login]
lab@r1# set user testuser authentication ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  encrypted-password   Encrypted password string
  load-key-file        File (URL) containing one or more ssh keys
  plain-text-password  Prompt for plain text password (autoencrypted)
> ssh-dsa              Secure shell (ssh) DSA public key string
> ssh-rsa              Secure shell (ssh) RSA public key string

As you can see, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Network Performance Baselining

Network Performance Baselining

Daniel Nassar
Cisco Catalyst QoS: Quality of Service in Campus Networks

Cisco Catalyst QoS: Quality of Service in Campus Networks

Mike Flannagan - CCIE® No. 7651, Richard Froom - CCIE No. 5102, Kevin Turek - CCIE No. 7284
Juniper Networks® Field Guide and Reference

Juniper Networks® Field Guide and Reference

Aviva Garrett, Gary Drenan, Cris Morris, Juniper Networks®
Juniper Networks® Reference Guide: JUNOS™ Routing, Configuration, and Architecture

Juniper Networks® Reference Guide: JUNOS™ Routing, Configuration, and Architecture

Thomas M. Thomas II, Doris Pavlichek, Lawrence H. Dwyer III, Rajah Chowbay, Wayne W. Downing III, James Sonderegger

Publisher Resources

ISBN: 9780596805449Errata Page