Security Cisco IOS
From Teknologisk videncenter
Login process
- Implement delays between successive login attempts
- Enable login shutdown if DoS attacks are suspected
- Generate system logging messages for login attempts
Example
- Block for 120 seconds if more than 5 attempts in 50 seconds
- During the block (quiet) period, allow only two host IP addresses to log in. Deny all others.
- Delay 10 seconds between consecutive login attempts
- Log logins and login failures
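! Block logins for 120 seconds after 5 failed attempts within 50 seconds
login block-for 120 attempts 5 within 50
!
ip access-list standard PERMIT-ADMIN
 remark Permit only Administrative hosts
 permit 192.168.10.10
 permit 192.168.11.10
!
! Hosts matching PERMIT-ADMIN can still log in while quiet mode is active
login quiet-mode access-class PERMIT-ADMIN
login delay 10
login on-success log
login on-failure log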
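The log messages enabled by `login on-success log` and `login on-failure log` can be reviewed with a small script. The Python below is an added example, not part of the original page: it parses `%SEC_LOGIN` syslog messages, measures the quiet-mode period, and flags successful logins that come from hosts outside PERMIT-ADMIN or follow repeated failures. The sample log lines, the source address 10.1.1.50, the usernames and the `min_failures` threshold are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

ADMIN_HOSTS = {"192.168.10.10", "192.168.11.10"}  # hosts permitted by PERMIT-ADMIN

# Constructed sample messages in the %SEC_LOGIN syslog layout (not from a real device).
T = "UTC Mon Mar 3 2025"
F = "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.1.1.50] [localport: 22] [Reason: Login Authentication Failed] at "
SAMPLE_LOG = "\n".join(
    [f"{F}10:00:{s:02d} {T}" for s in (1, 12, 23, 34, 45)] + [
    f"%SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 6 secs, [user: admin] [Source: 10.1.1.50] [localport: 22] [Reason: Login Authentication Failed] [ACL: PERMIT-ADMIN] at 10:00:45 {T}",
    f"%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netadmin] [Source: 192.168.10.10] [localport: 22] at 10:01:30 {T}",
    f"%SEC_LOGIN-5-QUIET_MODE_OFF: Quiet Mode is OFF, because block period timed out at 10:02:45 {T}",
    f"%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 10.1.1.50] [localport: 22] at 10:03:10 {T}",
])

def parse(line):
    """Return (event, source, time) for a %SEC_LOGIN message, else None."""
    ev = re.search(r"%SEC_LOGIN-\d-([A-Z_]+):", line)
    ts = re.search(r" at (\d\d:\d\d:\d\d) \w+ \w+ (\w+ \d+ \d{4})", line)
    if not (ev and ts):
        return None
    src = re.search(r"\[Source: ([^\]]+)\]", line)
    when = datetime.strptime(f"{ts.group(2)} {ts.group(1)}", "%b %d %Y %H:%M:%S")
    return ev.group(1), src.group(1) if src else None, when

def analyze(log, min_failures=3):
    """Count failures per source and list events worth an operator's attention."""
    failures, findings, quiet = Counter(), [], None
    for event, src, when in filter(None, map(parse, log.splitlines())):
        if event == "LOGIN_FAILED":
            failures[src] += 1
        elif event == "QUIET_MODE_ON":
            quiet = (src, when)  # source whose failure tripped login block-for
        elif event == "QUIET_MODE_OFF" and quiet:
            findings.append(("quiet_mode", quiet[0], (when - quiet[1]).total_seconds()))
            quiet = None
        elif event == "LOGIN_SUCCESS":
            if src not in ADMIN_HOSTS:  # allowed outside quiet mode, but worth review
                findings.append(("non_admin_login", src))
            if failures[src] >= min_failures:  # possible guessed password
                findings.append(("success_after_failures", src, failures[src]))
    return failures, findings

if __name__ == "__main__":
    counts, results = analyze(SAMPLE_LOG)
    print(dict(counts))
    for finding in results:
        print(finding)
```
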