You can run SSH on some Cisco routers, depending on the software you are 
running.  TACACS+ will not cause the telnet session to be encrypted.  We 
use terminal servers that support SSH that are plugged into the console 
port of the router for some secure customers.

Eric





"Tony Toni" <[EMAIL PROTECTED]>
12/10/2002 07:45 PM

To: [EMAIL PROTECTED]
cc:
Subject: Telnet Security Question for a Router.



We were currently written up by our external auditors because we use telnet
to access all of our routers.  In some cases we use a filtered Telnet
service...but that is not the normal practice.  We are a fairly good size
company with about 1000+ routers.

I am charged with coordinating a response to the auditors.   I know all of
the security issues involved with Telnet...i.e. login id and password sent
across the network in clear text, etc.   My question:   Is it possible to
use SSH or CISCO TACACS+ to encrypt the entire Telnet session?  Is there a
way to ensure no one can sniff the login id and password?   The Network
Services Group is adamant that neither SSH nor CISCO TACACS+ will work on a
router to correct the security issue.

Tony CIA,CISA,CDP,MBA
Security and Audit Services
Nations Banking & Trust

PS: I have been playing phone tag with the auditor that wrote us up...to
see what they recommend...have not reached him yet.
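
For an estate of 1000+ routers like the one in this thread, a first step is to inventory which terminal lines still accept Telnet. The script below is an added example, not part of either message: it assumes Cisco IOS-style `line vty` blocks with `transport input` statements, uses a constructed sample configuration, and its function names are hypothetical.

```python
import re

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
line con 0
 login authentication default
line vty 0 4
 login authentication default
 transport input telnet
line vty 5 15
 transport input ssh
line vty 16 20
 login
!
end
"""

VTY_RE = re.compile(r"^line vty (\d+)(?:\s+(\d+))?\s*$")
TRANSPORT_RE = re.compile(r"^\s+transport input\s+(.+?)\s*$")

def classify(protocols):
    """Map a 'transport input' protocol list to an audit status."""
    if protocols is None:
        return "review"      # no explicit setting: the default depends on the software release
    if "telnet" in protocols or "all" in protocols:
        return "cleartext"   # Telnet is accepted, so credentials can cross the wire unencrypted
    return "ok"              # e.g. 'ssh' only, or 'none'

def audit_vty(config_text):
    """Return one finding per 'line vty' block in an IOS-style configuration."""
    findings, block = [], None
    for line in config_text.splitlines():
        if not line.startswith((" ", "\t")):     # any top-level line closes the open block
            if block is not None:
                findings.append(block)
                block = None
            if VTY_RE.match(line):
                block = {"vty": line[len("line vty "):].strip(), "protocols": None}
            continue
        if block is not None:
            m = TRANSPORT_RE.match(line)
            if m:
                block["protocols"] = m.group(1).split()
    if block is not None:
        findings.append(block)
    for b in findings:
        b["status"] = classify(b["protocols"])
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE_CONFIG):
        print(finding["vty"], finding["status"], finding["protocols"])
```

Lines reported as `review` have no explicit `transport input` statement, so the accepted protocols have to be confirmed against the software release on that router.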




