O'Reilly logo

JUNOS High Availability by Orin Blomberg, Senad Palislamovic, Kieran Milne, James Sonderegger

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Hardening the Device

A critical element of ensuring high availability for your JUNOS device involves protecting and hardening it from outside attacks. The following are issues to consider.

Use a Strong Password, and Encrypt It

It is amazing how many networking devices in production networks have weak passwords or, worse yet, still have default passwords in place! Ensuring that your devices use strong passwords is one of the simplest steps you can take to harden the device. Every company has its own standard for what constitutes a “strong” password, but a good guideline is to use at least eight characters, and a mix of upper- and lowercase letters, numbers, and symbols.

Note

JUNOS devices require that passwords be at least six characters long and contain at least one change of case or character class (i.e., numbers or symbols).

There are a variety of ways to enter passwords for user accounts on JUNOS devices. The following example shows the password options for an account called testuser:

[edit system login]
lab@r1# set user testuser authentication ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  encrypted-password   Encrypted password string
  load-key-file        File (URL) containing one or more ssh keys
  plain-text-password  Prompt for plain text password (autoencrypted)
> ssh-dsa              Secure shell (ssh) DSA public key string
> ssh-rsa              Secure shell (ssh) RSA public key string

As you can see, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required