need some advice on our cisco routers..

Olivier Nicole on at
Wed Feb 8 22:43:34 PST 2006

>  3. How do you secure your cisco routers in your office?? Our
>  director said that we should look for best practices in securing
>  our routers.

The very first step would be to limit where from you can telnet to the
router. There is no good reason why whole internet could telnet to the

The following shoud do

access-list 30 permit ! one unique machine ins9ide my network
access-list 30 deny   any log

line vty 0 4
 access-class 30 in
 exec-timeout 0 0
 login local
 refuse-message ^Cnauthorized access prohibited

>  1. Is it possible to think that they still haven't cracked the enable
>  password yet or they already know it and just silently been playing
>  with our router?? What for? If you are a hacker, what would you do
>  if you got an access to an ISP's router??:-)

If you have a back-up of your configuration, you can check if anything
has been changed. You can alos check the config change time stamp in
Cisco "show run".

In any case, play it safe, restore the last running configuration and
change the enable password.

The router could be a good sniffing point to grab hold on some
username/password from the ISP customers.


More information about the freebsd-questions mailing list