Discovering computer networks: hands on in the Open Networking Lab

15.4 Summary of Session 15

In this session you’ve seen a variety of ways in which security for a router can be improved.

You have seen that enterprise routers allow a network engineer to connect in two ways: with a direct connection to a special console port, or over the network. Passwords can be set to control access to both of these. When a remote connection is made over the internet, a secure communication protocol such as SSH should be used to prevent an eavesdropper from reading passwords.

A message can be configured to warn that only authorised users can connect. Separate passwords can be applied to protect access to the console port and to network access through virtual teletypes.

The command-line interface on Cisco routers can be password protected, requiring the user to enter the correct password to enter further configuration commands. This applies whichever method is used to connect to the router.

You have also seen that security is difficult to get right. Possible weaknesses are storing passwords as plain text in configuration files, or using unencrypted Telnet for remote access. A network engineer should be alert to problems such as these and know ways to avoid them – for example, by adding encryption to passwords and by requiring SSH instead of Telnet for remote access.
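As an added example (not part of the course material), the following Python script checks a router's saved running configuration for the weaknesses listed above. The function name `audit` and the `SAMPLE_CONFIG` text are constructed for illustration, and the script assumes the usual running-config layout in which sub-commands of a `line` block are indented by one space.

```python
import re

# Constructed running-config excerpt (sample input, not from a real device).
SAMPLE_CONFIG = """\
no service password-encryption
enable password cisco123
banner motd ^CAuthorised users only^C
line con 0
 password letmein
 login
line vty 0 4
 password letmein
 login
 transport input telnet ssh
"""

def audit(config):
    """Return a list of findings for the weaknesses named in the summary."""
    findings = []
    lines = config.splitlines()
    # Global settings: password encryption, privileged-mode password, banner.
    if "service password-encryption" not in (ln.strip() for ln in lines):
        findings.append("service password-encryption is not enabled")
    if any(ln.startswith("enable password") for ln in lines):
        findings.append("enable password used instead of enable secret")
    if not any(ln.startswith("banner motd") for ln in lines):
        findings.append("no banner motd warning message")
    # Split the config into 'line ...' blocks: header plus indented sub-commands.
    blocks, current = {}, None
    for ln in lines:
        if ln.startswith("line "):
            current = ln.strip()
            blocks[current] = []
        elif ln.startswith(" ") and current:
            blocks[current].append(ln.strip())
        else:
            current = None
    for header, cmds in blocks.items():
        # 'password <word>' with no type digit before it is stored as plain text.
        for c in cmds:
            if re.fullmatch(r"password \S+", c):
                findings.append(f"{header}: plain-text line password")
        if not any(c in ("login", "login local") for c in cmds):
            findings.append(f"{header}: no login required")
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{header}: Telnet not excluded (need 'transport input ssh')")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run against the constructed sample, it reports five findings; a configuration that uses the commands from this session as intended produces none.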

Commands

In this session you have used the following commands.

| Command | Mode | Command prompt | Purpose |
|---|---|---|---|
| enable secret <password> | Global configuration | Router(config) | To set a password for privileged execution mode |
| banner motd <sep><banner><sep> | Global configuration | Router(config) | To set a message of the day |
| service password-encryption | Global configuration | Router(config) | To encrypt passwords stored in the running configuration |
| username <name> secret <password> | Global configuration | Router(config) | To create a user account |
| line console 0 | Global configuration | Router(config) | To configure the console connection |
| password <password> | Line configuration | Router(config-line) | To set a password for the console connection |
| login | Line configuration | Router(config-line) | To require login with a password to the console connection |
| line vty 0 <max> | Global configuration | Router(config) | To configure a set of virtual teletype lines |
| login local | Line configuration | Router(config-line) | To require login with a user account name and password |
| transport input ssh | Line configuration | Router(config-line) | To only accept SSH connections |

New terms

In this session you have met the following terms.

Telnet

A protocol used for unencrypted remote terminal connections.

Secure Shell (SSH)

A protocol used for encrypted remote terminal connections.
