Hardening the Device

A critical element of ensuring high availability for your JUNOS device involves protecting and hardening it from outside attacks. The following are issues to consider.

Use a Strong Password, and Encrypt It

It is amazing how many networking devices in production networks have weak passwords or, worse yet, still have default passwords in place! Ensuring that your devices use strong passwords is one of the simplest steps you can take to harden the device. Every company has its own standard for what constitutes a “strong” password, but a good guideline is to use at least eight characters, and a mix of upper- and lowercase letters, numbers, and symbols.

Note

JUNOS devices require that passwords be at least six characters long and contain at least one change of case or character class (i.e., numbers or symbols).

There are a variety of ways to enter passwords for user accounts on JUNOS devices. The following example shows the password options for an account called testuser:

[edit system login]
lab@r1# set user testuser authentication ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  encrypted-password   Encrypted password string
  load-key-file        File (URL) containing one or more ssh keys
  plain-text-password  Prompt for plain text password (autoencrypted)
> ssh-dsa              Secure shell (ssh) DSA public key string
> ssh-rsa              Secure shell (ssh) RSA public key string

As you can see, ...
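An added example, not from the book: a short Python audit of a device's login configuration in `set` form against the guidance above (eight-character guideline, mixed character classes, every account with a configured authentication method). The sample configuration is constructed, and the `system login password` policy statements (`minimum-length`, `change-type`) are Junos statements that do not appear in this excerpt.

```python
import re

# Constructed sample in "show configuration | display set" form (not from the book).
SAMPLE_CONFIG = """\
set system login password minimum-length 6
set system login user testuser class super-user
set system login user testuser authentication encrypted-password "$1$constructed$placeholder"
set system login user ops class operator
set system login user backup class read-only
set system login user backup authentication ssh-rsa "ssh-rsa AAAAconstructed backup@example"
"""

GUIDELINE_MIN_LENGTH = 8  # the "at least eight characters" guideline above
JUNOS_MIN_LENGTH = 6      # the device minimum stated in the Note above

def audit_login(config_text):
    """Return a sorted list of findings for the [edit system login] hierarchy."""
    users = {}   # user name -> set of authentication methods configured
    policy = {}  # password-policy statement -> configured value
    for line in config_text.splitlines():
        line = line.strip()
        m = re.match(r"set system login user (\S+)(?: authentication (\S+))?", line)
        if m:
            methods = users.setdefault(m.group(1), set())
            if m.group(2):
                methods.add(m.group(2))
            continue
        m = re.match(r"set system login password (\S+) (\S+)", line)
        if m:
            policy[m.group(1)] = m.group(2)
    findings = []
    min_len = int(policy.get("minimum-length", JUNOS_MIN_LENGTH))
    if min_len < GUIDELINE_MIN_LENGTH:
        findings.append(f"policy: minimum-length {min_len} is below {GUIDELINE_MIN_LENGTH}")
    if policy.get("change-type") != "character-sets":
        findings.append("policy: change-type character-sets not configured explicitly")
    for name, methods in users.items():
        if not methods:
            findings.append(f"user {name}: no local authentication configured")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_login(SAMPLE_CONFIG)))
```

An account flagged as having no local authentication may still be intended as a template for remote authentication, so treat that finding as a prompt to review rather than a confirmed fault.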
