Difference between revisions of "Security Cisco IOS"
From Teknologisk videncenter
m |
m (→Login process) |
||
| Line 3: | Line 3: | ||
*Enable login shutdown if DoS attacks suspected | *Enable login shutdown if DoS attacks suspected | ||
*Generate system-logging | *Generate system-logging | ||
| + | ==Example== | ||
| + | *Block for 120 seconds if more than 5 attemps in 50 seconds | ||
| + | *Allow only two host IP addresses to login. Deny all other. | ||
| + | *Delay 10 seconds between consecutive login attempts | ||
| + | *Log logins and login failures | ||
<source lang=cli> | <source lang=cli> | ||
| − | login block-for | + | login block-for 120 attempts 5 within 60 |
! | ! | ||
ip access-list standard PERMIT-ADMIN | ip access-list standard PERMIT-ADMIN | ||
| Line 16: | Line 21: | ||
login on-failure log | login on-failure log | ||
</source> | </source> | ||
| + | |||
=Password= | =Password= | ||
*[http://www.ifm.net.nz/cookbooks/passwordcracker.html password 7 cracker] | *[http://www.ifm.net.nz/cookbooks/passwordcracker.html password 7 cracker] | ||
[[Categoty:Security]] | [[Categoty:Security]] | ||
Latest revision as of 12:42, 14 November 2017
Login process
- Implement delays between sussessive login attempts
- Enable login shutdown if DoS attacks suspected
- Generate system-logging
Example
- Block for 120 seconds if more than 5 attemps in 50 seconds
- Allow only two host IP addresses to login. Deny all other.
- Delay 10 seconds between consecutive login attempts
- Log logins and login failures
login block-for 120 attempts 5 within 60
!
ip access-list standard PERMIT-ADMIN
remark Permit only Administrative hosts
permit 192.168.10.10
permit 192.168.11.10
!
login quiet-mode access-class PERMIT-ADMIN
login delay 10
login on-success log
login on-failure log