Discovering computer networks: hands on in the Open Networking Lab

15.4 Summary of Session 15

In this session you’ve seen a variety of ways in which security for a router can be improved.

You have seen that enterprise routers allow a network engineer to connect in two ways: with a direct connection to a special console port, or over the network. Passwords can be set to control access to both of these. When a remote connection is made over the internet, a secure communication protocol such as SSH should be used to prevent an eavesdropper from reading passwords.

A message can be configured to warn that only authorised users can connect. Separate passwords can be applied to protect access to the console port and to network access through virtual teletypes.

The command-line interface on Cisco routers can be password protected, requiring the user to enter the correct password to enter further configuration commands. This applies whichever method is used to connect to the router.

You have also seen that security is difficult to get right. Possible weaknesses are storing passwords as plain text in configuration files, or using unencrypted Telnet for remote access. A network engineer should be alert to problems such as these and know ways to avoid them – for example, by adding encryption to passwords and by requiring SSH instead of Telnet for remote access.
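
The weaknesses named above can be checked mechanically in a saved running configuration. The following Python audit is an added example, not part of the original course material: the sample configurations, the `audit` function and its finding texts are constructed for illustration, and a vty section without an explicit `transport input ssh` line is assumed to still accept Telnet.

```python
import re

# Constructed sample configurations, in the layout of a saved running config.
WEAK_CONFIG = """\
enable password letmein
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input telnet ssh
"""
HARDENED_CONFIG = """\
service password-encryption
enable secret 5 $1$constructed$hash
username admin secret 5 $1$constructed$hash
line con 0
 password 7 0000CONSTRUCTED
 login
line vty 0 4
 login local
 transport input ssh
"""
# Clear text: "password <text>" or "password 0 <text>"; other type numbers (e.g. 7) are encoded.
PLAINTEXT = re.compile(r"(?:^|\s)password (?![1-9]\d* )(?:0 )?\S+$")

def audit(config):
    """Return findings for the weaknesses this session names."""
    findings, sections, section = [], {"global": []}, "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # unindented: a new top-level command
            section = line if line.startswith("line ") else "global"
        sections.setdefault(section, []).append(line)
        if PLAINTEXT.search(line):
            findings.append(f"plain-text password in {section}")
    top = sections.pop("global")
    if not any(cmd.startswith("enable secret ") for cmd in top):
        findings.append("no enable secret set")
    if "service password-encryption" not in top:
        findings.append("service password-encryption not enabled")
    for name, body in sections.items():
        if not {"login", "login local"} & set(body):
            findings.append(f"no login required on {name}")
        # Assumption: without an explicit SSH-only line, Telnet is still accepted.
        if name.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"Telnet not excluded on {name}")
    return findings
```

Calling `audit(WEAK_CONFIG)` reports six findings, while `audit(HARDENED_CONFIG)` returns an empty list.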

Commands

In this session you have used the following commands.

| Command | Mode | Command prompt | Purpose |
|---|---|---|---|
| `enable secret <password>` | Global configuration | Router(config) | To set a password for privileged execution mode |
| `banner motd <sep><banner><sep>` | Global configuration | Router(config) | To set a message of the day |
| `service password-encryption` | Global configuration | Router(config) | To encrypt passwords stored in the running configuration |
| `username <name> secret <password>` | Global configuration | Router(config) | To create a user account |
| `line console 0` | Global configuration | Router(config) | To configure the console connection |
| `password <password>` | Line configuration | Router(config-line) | To set a password for the console connection |
| `login` | Line configuration | Router(config-line) | To require login with a password to the console connection |
| `line vty 0 <max>` | Global configuration | Router(config) | To configure a set of virtual teletype lines |
| `login local` | Line configuration | Router(config-line) | To require login with a user account name and password |
| `transport input ssh` | Line configuration | Router(config-line) | To only accept SSH connections |

New terms

In this session you have met the following terms.

Telnet

A protocol used for unencrypted remote terminal connections.

Secure Shell (SSH)

A protocol used for encrypted remote terminal connections.