Great Circle Associates Firewalls
(January 1995)
 


Subject: Re: router security
From: Christian Wettergren <cwe @ it . kth . se>
Date: Wed, 25 Jan 95 19:12:07 +0100
To: lavondes @ tidtest . total . fr
Cc: jon @ nytimes . com (Jon E. Price), firewalls @ greatcircle . com (fw)
In-reply-to: Your message of Wed, 25 Jan 95 14:19:02 GMT. <9501251419 . AA02665 @ tidtest . total . fr>

| > What protects them?
| > (more than just login password)?
| 
| Well, I don't know about others, but ciscos have telnet address-based
| authentication (plus I think, they can use TACACS - never tried it,
| though, and I don't know enough about it to guess how secure it is)
| and 2 passwords (1 for logging in, looking at interface state and
| statistics, routing tables etc) and another one to do really useful/nasty
| things (looking/changing configuration, taking interfaces down/up, etc)

TACACS is great! :-)

* The router prints a login-prompt
* The user enters the username and password.
* The username/password is sent off to a remote
  tacacsd, which validates the username/password pair
  with some algorithm.
* tacacsd sends back a packet
  "Yes, everything is fine. Let him in".

! All communication between router and tacacsd is done in clear.

I might have misunderstood this, if so, please inform me! 
Btw, there is an informal RFC describing the CISCO tacacs.

/Christian W, cwe @ it . kth . se
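
The exchange described in the message above, as an added example that is not part of the original post and not Cisco's code: it packs a login query and a reply and shows that the username and password can be read straight out of the query bytes with no key. The 6-byte header layout, the type and response constants, and the sample account are assumptions made for illustration.

```python
import struct

# Assumed wire layout (illustrative, not taken from the post):
#   version(1) type(1) nonce(2) user_len(1) pass_len(1), then user + password.
HEADER = "!BBHBB"
VERSION, LOGIN, RESPONSE = 0, 1, 2   # assumed constants
ACCEPTED, REJECTED = 1, 2            # assumed constants

def build_login(nonce, user, password):
    """Router side: pack the login query exactly as it goes on the wire."""
    u, p = user.encode("ascii"), password.encode("ascii")
    return struct.pack(HEADER, VERSION, LOGIN, nonce, len(u), len(p)) + u + p

def parse_login(pkt):
    """tacacsd side. Anyone who sees the packet can run the same parse."""
    if len(pkt) < 6:
        raise ValueError("short packet")
    _ver, ptype, nonce, ulen, plen = struct.unpack(HEADER, pkt[:6])
    if ptype != LOGIN or len(pkt) < 6 + ulen + plen:
        raise ValueError("not a complete login query")
    user = pkt[6:6 + ulen].decode("ascii")
    password = pkt[6 + ulen:6 + ulen + plen].decode("ascii")
    return nonce, user, password

def build_reply(nonce, ok):
    """tacacsd side: the 'let him in' answer is a single response byte."""
    return struct.pack(HEADER, VERSION, RESPONSE, nonce,
                       ACCEPTED if ok else REJECTED, 0)

def router_accepts(reply, expected_nonce):
    """Router side: match the nonce, then act on the response byte."""
    _ver, ptype, nonce, response, _reason = struct.unpack(HEADER, reply[:6])
    return ptype == RESPONSE and nonce == expected_nonce and response == ACCEPTED

def exposure(query):
    """What the cleartext query reveals on the path between router and tacacsd."""
    _nonce, user, password = parse_login(query)
    return {"username": user, "password": password,
            "password_bytes_on_wire": password.encode("ascii") in query}

# Constructed sample account and nonce, not from any real capture.
USERS = {"cwe": "s3cret"}
query = build_login(0x1234, "cwe", "s3cret")
nonce, user, password = parse_login(query)
reply = build_reply(nonce, USERS.get(user) == password)

if __name__ == "__main__":
    print(exposure(query), "accepted:", router_accepts(reply, nonce))
```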
