From owner-freebsd-questions@FreeBSD.ORG Thu Feb 9 06:43:34 2006
Date: Thu, 9 Feb 2006 13:43:26 +0700 (ICT)
Message-Id: <200602090643.k196hQ0P093183@banyan.cs.ait.ac.th>
From: Olivier Nicole
To: jay2xra@yahoo.com
In-reply-to: <20060209060705.45093.qmail@web51606.mail.yahoo.com> (message from Mark Jayson Alvarez on Wed, 8 Feb 2006 22:07:05 -0800 (PST))
References: <20060209060705.45093.qmail@web51606.mail.yahoo.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: need some advice on our cisco routers..

> 3. How do you secure your cisco routers in your office?? Our
> director said that we should look for best practices in securing
> our routers.

The very first step would be to limit from where you can telnet to the
router. There is no good reason why the whole internet could telnet to the
router.
The following should do:

! one unique machine inside my network
access-list 30 permit 192.168.0.0
! everything else is refused and logged
access-list 30 deny any log
line vty 0 4
 ! only sources permitted by access-list 30 may open a vty session
 access-class 30 in
 ! 0 0 disables the idle timeout on these lines
 exec-timeout 0 0
 login local
 refuse-message ^CUnauthorized access prohibited ^C

> 1. Is it possible to think that they still haven't cracked the enable
> password yet or they already know it and just silently been playing
> with our router?? What for? If you are a hacker, what would you do
> if you got an access to an ISP's router??:-)

If you have a back-up of your configuration, you can check if anything
has been changed. You can also check the config change time stamp in
Cisco "show run".

In any case, play it safe, restore the last running configuration and
change the enable password.

The router could be a good sniffing point to grab hold of some
username/password from the ISP customers.

Olivier
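
One way to do the backup comparison described above, as an added example that is not part of the original message: it diffs a saved configuration against a fresh "show run" capture, ignores lines IOS rewrites by itself, and flags changed login and access-control lines. The sample configs and the watch list of commands are constructed assumptions.

```python
import difflib
import re

# Lines IOS rewrites on its own; a difference here is not a config change.
VOLATILE = re.compile(r"^(Building configuration|Current configuration|ntp clock-period"
                      r"|! (Last configuration change|NVRAM config last updated))")
# Commands that decide who may log in and from where (assumed watch list).
SENSITIVE = re.compile(r"^\s*(no\s+)?(enable (secret|password)|username |access-list "
                       r"|access-class |line (vty|con|aux)|login|transport input"
                       r"|exec-timeout|snmp-server community|aaa )")

def normalise(config):
    """Strip trailing blanks; drop empty, bare '!' and volatile lines."""
    lines = (l.rstrip() for l in config.splitlines())
    return [l for l in lines if l.strip(" !") and not VOLATILE.match(l)]

def compare(backup, running):
    """Return (added, removed, sensitive) lines of running relative to backup."""
    added, removed = [], []
    for d in difflib.ndiff(normalise(backup), normalise(running)):
        if d.startswith("+ "):
            added.append(d[2:])
        elif d.startswith("- "):
            removed.append(d[2:])
    return added, removed, [l for l in added + removed if SENSITIVE.match(l)]

def last_change(config):
    """Timestamp text from the 'Last configuration change' header, or None."""
    m = re.search(r"^! Last configuration change at (.+)$", config, re.M)
    return m.group(1) if m else None

# Constructed sample data: a saved backup and a later "show run" capture.
BACKUP = """\
! Last configuration change at 10:02:11 ICT Mon Jan 9 2006 by admin
hostname gw1
enable secret 5 CONSTRUCTED-HASH-A
username admin secret 5 CONSTRUCTED-HASH-B
access-list 30 permit 192.168.0.10
access-list 30 deny   any log
line vty 0 4
 access-class 30 in
 login local
"""
RUNNING = BACKUP.replace("10:02:11 ICT Mon Jan 9", "03:14:07 ICT Thu Feb 9") \
                .replace(" access-class 30 in\n", "") \
                .replace("hostname gw1\n", "hostname gw1\nntp clock-period 17179869\n") \
                .replace("HASH-B\n", "HASH-B\nusername temp secret 5 CONSTRUCTED-HASH-C\n")

if __name__ == "__main__":
    print(last_change(RUNNING), compare(BACKUP, RUNNING)[2])
```

A change timestamp later than the last change you made yourself, together with any line in the sensitive list, is the cue to restore the known-good configuration and rotate the enable password as the message advises.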