Firewalls (March 1997)
On 21-Mar-97 John Snyder wrote:
>I'm in the middle of a discussion on the use of Cisco routers as part of
>a firewall implementation. I have been confronted with the claim there
>are not any detection mechanisms that can alert one to attempted logins
>to the router.
>
>It appears that Cisco routers do not support the idea of individual user
>accounts. It does seem to support up to 16 levels of security each
>protected by a password. I cannot find anything in Cisco documentation
>that helps me in detecting attempts to log on to the router. It seems
>someone could continuously attempt logins trying to guess passwords
>without anyone ever knowing.

Why not just disable telnet to the router and configure it from the local port?

>
>Is there anything native in the router IOS to help here or is a separate
>TACACS server a requirement?
>
>Thanks in advance for any knowledge in this area.
>
>John Snyder
>

|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
| Ken Kempster          kempster @ monarch . rnb . com    |
| Network Systems Engineer              _\|/_             |
| Republic National Bank                (o o)             |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~oOO-(_)-OOo~~~~~~~~~~~~~~