As a network administrator or network engineer, you need to know how to secure routers and switches. In this article we will learn how to secure a Cisco router. Securing a Cisco router means securing it in every possible way: console security with a console password, and privileged-mode security with an enable password or enable secret. You should also configure the router's auxiliary password. To secure the router against remote users or users on the network, we must also configure the Telnet and SSH passwords along with all of the passwords above.
How to set a minimum password length on a Cisco router.
r1(config)#security passwords min-length 9
r1(config)#username satish password redhat
% Password too short - must be at least 9 characters. Password not configured.
r1(config)#username satish password redhat123456
As you can see, you cannot assign a password whose length is less than 9 characters.
How to password protect Console Port.
To configure the console password, follow these steps.
Router(config)# line console 0
Router(config-line)# password CISCO
Router(config-line)# login
Router(config-line)# Ctrl-Z
Router#
How to password protect the Auxiliary Port (AUX Port)
To configure the auxiliary password, follow these steps.
Router#config t
Router(config)#line aux 0
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)# Ctrl-Z
Router#
How to password protect VTY Ports (Telnet Ports)
Configuring the VTY password is very similar to doing the Console and Aux ones. The only difference is that there are 5 VTY virtual ports, which are named 0, 1, 2, 3, and 4. You can use the shortcut 0 4 (a zero, a space, and 4) to set all 5 passwords at the same time.
To configure the VTY password, follow these steps.
Router#config t
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)# Ctrl-Z
Router#
How to password protect Privileged Mode
The Enable Password is the old form of the password for “Privileged Mode”. Here the password is stored unencrypted.
Router#config t
Router(config)#enable password cisco
Router(config)# Ctrl-Z
Router#
Enable Secret provides better security since the password is kept encrypted.
Router#config t
Router(config)#enable secret cisco
Router(config)# Ctrl-Z
Router#
Encrypting Passwords
You want to encrypt passwords so that they do not appear in plain-text in the router configuration file.
To enable password encryption on a router, use the service password-encryption configuration command:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable password ccna123
Router(config)#line vty 0 4
Router(config-line)#password ccna
Router(config-line)#line con 0
Router(config-line)#password linux
Router(config-line)#line aux 0
Router(config-line)#password hacking
Router(config-line)#exit
Router(config)#service password-encryption
Router(config)#end
Router#
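To check that a saved running configuration actually contains the settings covered in the sections above, the following added example (not part of the original article and not Cisco code) audits a configuration text for them. The sample configuration and the audit function name are constructed for illustration, and the script assumes line-password authentication as used in this article.

```python
import re

# Constructed sample running-config (not from the article or a real device).
SAMPLE_CONFIG = """\
hostname Router
enable password cisco
!
line con 0
 password CISCO
 login
line aux 0
 password cisco
line vty 0 4
 login
!
end
"""

def audit(config):
    """Return findings for the password settings covered in this article."""
    findings = []
    lines = config.splitlines()
    top = [l.strip() for l in lines if l and not l.startswith(" ")]
    if "service password-encryption" not in top:
        findings.append("service password-encryption is not enabled")
    if not any(t.startswith("security passwords min-length ") for t in top):
        findings.append("security passwords min-length is not set")
    if not any(t.startswith("enable secret ") for t in top):
        findings.append("enable secret is not configured")
    # Collect the indented sub-commands under each "line ..." stanza.
    stanzas, current = {}, None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
            stanzas[current] = []
        elif l.startswith(" ") and current:
            stanzas[current].append(l.strip())
        else:
            current = None
    for name, cmds in stanzas.items():
        passwords = [c for c in cmds if c.startswith("password ")]
        if not passwords:
            findings.append(f"{name}: no password set")
        elif not re.fullmatch(r"password 7 \S+", passwords[0]):
            findings.append(f"{name}: password stored in plain text")
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append(f"{name}: login is missing, password not enforced")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```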