UNCLASSIFIED  Implementing Security on Cisco Routers  Version 1.0g  UNCLASSIFIED  53

- Avoid dictionary words, names, or dates.
- Always include at least one of each of the following: lowercase letters, uppercase letters, digits, and special characters.
- Make all passwords at least eight characters long.
- Avoid more than 4 digits or same-case letters in a row.

See [4] for more detailed guidance on selecting good passwords.

Note: enable secret and username passwords may be up to 25 characters long including spaces.

Accounts

First, give each administrator their own login user name for the router. When an administrator logs in with a user name and changes the configuration, the log message that is generated will include the name of the login account which was used.

The login accounts created with the username command should be assigned privilege level 1 (see Passwords, above). In addition, do not create any user accounts without passwords! When an administrator no longer needs access to the router, remove their account. The example below shows how to create accounts for users named ‘rsmith’ and ‘bjones’, and remove the user named ‘brian’.

    Central# config t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Central(config)# username rsmith password 3d-zirc0nia
    Central(config)# username rsmith privilege 1
    Central(config)# username bjones password 2B-or-3B
    Central(config)# username bjones privilege 1
    Central(config)# no username brian
    Central(config)# end
    Central#

Only allow accounts that are required on the router and minimize the number of users with access to configuration mode on the router. See Section 4.6, which describes AAA, for a preferred user account mechanism.

4.1.5.   Remote Access

This document will discuss five connection schemes which can be used for router administration.

1. No Remote – administration is performed on the console only.
2. Remote Internal only with AAA – administration can be performed on the router from a trusted internal network only, and AAA is used for access control.
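
Returning to the password and account rules in the Accounts discussion above: the following is an added example, not part of the original guide, that audits the username lines of a saved configuration for accounts without passwords, privilege levels other than 1, accounts that should have been removed, and cleartext passwords that break the composition rules. The function names, the approved-administrator set and the sample configuration are assumptions made for illustration; an account with no privilege keyword is treated as level 1.

```python
import re

# Character classes the guide requires. Its dictionary-word rule needs a wordlist, so it is omitted.
CLASSES = {"lowercase": "[a-z]", "uppercase": "[A-Z]",
           "digit": "[0-9]", "special": "[^A-Za-z0-9]"}

def password_problems(pw):
    """Return the guide's composition rules that a cleartext password breaks."""
    found = [] if 8 <= len(pw) <= 25 else ["length not 8-25"]
    found += ["no " + name for name, rx in CLASSES.items() if not re.search(rx, pw)]
    if re.search("[0-9]{5,}|[a-z]{5,}|[A-Z]{5,}", pw):
        found.append("run of more than 4 digits or same-case letters")
    return found

def audit_accounts(config_text, approved):
    """Return sorted (user, finding) pairs for the username lines of a config."""
    users = {}
    for line in config_text.splitlines():
        m = re.match(r"\s*(no )?username (\S+)(.*)", line)
        if m and m.group(1):                 # "no username X" removes the account
            users.pop(m.group(2), None)
        if not m or m.group(1):
            continue
        acct = users.setdefault(m.group(2), {"priv": 1, "pw": None, "enc": None})
        # The password comes last on the line and may contain spaces.
        cred = re.search(r" (?:password|secret)(?: (\d))? (.+)$", m.group(3))
        head = m.group(3)[:cred.start()] if cred else m.group(3)
        priv = re.search(r" privilege (\d+)", head)
        acct["priv"] = int(priv.group(1)) if priv else acct["priv"]
        if cred:
            acct["enc"], acct["pw"] = cred.group(1) or "0", cred.group(2)
    findings = []
    for name, acct in users.items():
        if name not in approved:
            findings.append((name, "not on the approved administrator list"))
        if acct["priv"] != 1:
            findings.append((name, f"privilege {acct['priv']}, expected 1"))
        if acct["pw"] is None:
            findings.append((name, "no password set"))
        elif acct["enc"] == "0":             # cleartext, so the rules can be checked
            findings += [(name, p) for p in password_problems(acct["pw"])]
    return sorted(findings)

# Constructed sample configuration, not taken from a real router.
SAMPLE = "\n".join([
    "username rsmith password 3d-Zirc0nia", "username rsmith privilege 1",
    "username bjones privilege 15 password 0 summer2024",
    "username brian password 7 <encoded>", "no username brian",
    "username temp nopassword"])
```

Calling `audit_accounts(SAMPLE, {"rsmith", "bjones"})` returns findings for bjones and temp only; passwords stored in an encoded or hashed form are not checked against the composition rules.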