| My actual problem is to manage several Cisco Routers situated
| on a public network from a central site, from where there is no
| way to guarantee secure communication.
|
| I can access them using telnet or by using the CiscoWorks
| application (protocols SNMP and TFTP), but still the password
| and the operation are running on the network in a clear form.
|
| In many actual security configurations, routers are the elements
| that protect the internal network. Are there any techniques or
| software to protect them and administrative communications with
| them?

You might be able to get an encrypted connection to a network
each Cisco is attached to, and then use one of the other
authentication methods commented on (Kerberos, TACACS, or Radius), or
simply have a shorter path to worry about sniffing.

If you bridge off a cheap bastion system running SSH or
DESlogin, then you have an encrypted connection to that box, and a
bridged connection to the router. (You might also connect this box to
a serial port on the router.)

This would take roughly one 386 running UNIX, and possibly one
bridge per site. Depending on availability of those resources, you
could do something like:

             external net
                   |
                router   386/UNIX
internal           |         |
network--[bridge]--+---------+-

--
"It is seldom that liberty of any kind is lost all at once."
-Hume
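
A check for the layout described in the reply above, as an added example that is not part of the original message: it scans flow records for telnet, SNMP or TFTP reaching a router from any source other than the bastion. The addresses, the record format and the function names are constructed assumptions.

```python
import ipaddress

# Cleartext management protocols named in the thread: telnet, SNMP, TFTP.
CLEARTEXT_MGMT = {("tcp", 23): "telnet", ("udp", 161): "snmp", ("udp", 69): "tftp"}

# Constructed addressing (assumption, not from the original message).
ROUTERS = {ipaddress.ip_address("192.0.2.1")}
BASTION = ipaddress.ip_address("192.0.2.10")

# Constructed flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
198.51.100.7 192.0.2.10 tcp 22
192.0.2.10 192.0.2.1 tcp 23
198.51.100.7 192.0.2.1 tcp 23
203.0.113.5 192.0.2.1 udp 161
192.0.2.10 192.0.2.1 udp 69
198.51.100.7 192.0.2.1 tcp 80
"""

def parse_flow(line):
    """Split one record into typed fields; raises ValueError if malformed."""
    src, dst, proto, dport = line.split()
    return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
            proto.lower(), int(dport))

def find_violations(text, routers=ROUTERS, bastion=BASTION):
    """Return (line_no, src, service) for each cleartext management flow
    that reaches a router from somewhere other than the bastion."""
    violations = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            src, dst, proto, dport = parse_flow(line)
        except ValueError:
            # A record we cannot read is reported rather than silently passed.
            violations.append((n, None, "unparseable"))
            continue
        service = CLEARTEXT_MGMT.get((proto, dport))
        if service and dst in routers and src != bastion:
            violations.append((n, str(src), service))
    return violations

if __name__ == "__main__":
    for n, src, svc in find_violations(SAMPLE_FLOWS):
        print(f"line {n}: {svc} to router from {src}")
```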