Difference between revisions of "Security Cisco IOS"
From Teknologisk videncenter
m |
m (→Login process) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | =Login process= | ||
| + | *Implement delays between sussessive login attempts | ||
| + | *Enable login shutdown if DoS attacks suspected | ||
| + | *Generate system-logging | ||
| + | ==Example== | ||
| + | *Block for 120 seconds if more than 5 attemps in 50 seconds | ||
| + | *Allow only two host IP addresses to login. Deny all other. | ||
| + | *Delay 10 seconds between consecutive login attempts | ||
| + | *Log logins and login failures | ||
| + | <source lang=cli> | ||
| + | login block-for 120 attempts 5 within 60 | ||
| + | ! | ||
| + | ip access-list standard PERMIT-ADMIN | ||
| + | remark Permit only Administrative hosts | ||
| + | permit 192.168.10.10 | ||
| + | permit 192.168.11.10 | ||
| + | ! | ||
| + | login quiet-mode access-class PERMIT-ADMIN | ||
| + | login delay 10 | ||
| + | login on-success log | ||
| + | login on-failure log | ||
| + | </source> | ||
| + | |||
=Password= | =Password= | ||
*[http://www.ifm.net.nz/cookbooks/passwordcracker.html password 7 cracker] | *[http://www.ifm.net.nz/cookbooks/passwordcracker.html password 7 cracker] | ||
[[Categoty:Security]] | [[Categoty:Security]] | ||
Latest revision as of 12:42, 14 November 2017
Login process
- Implement delays between sussessive login attempts
- Enable login shutdown if DoS attacks suspected
- Generate system-logging
Example
- Block for 120 seconds if more than 5 attemps in 50 seconds
- Allow only two host IP addresses to login. Deny all other.
- Delay 10 seconds between consecutive login attempts
- Log logins and login failures
login block-for 120 attempts 5 within 60
!
ip access-list standard PERMIT-ADMIN
remark Permit only Administrative hosts
permit 192.168.10.10
permit 192.168.11.10
!
login quiet-mode access-class PERMIT-ADMIN
login delay 10
login on-success log
login on-failure log