Home > Others

How to improve the security of Cisco router Remote Management

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

With the development of China's routing industry, its market demand is also increasing. As a leader in the routing industry, Cisco routers have a very high market share. Telnet to the Cisco router for remote management is the choice of many network management, but the data transmitted through Telnet is in plain text, so this login method has a great security risk.

1. Security Testing

I installed sniffer locally and used Telnet to log on to the Cisco router. Stop sniffing and decode it. 1 shows that the password entered in the user mode and global mode is displayed in plaintext. Although the password is split into two parts, an experienced attacker may combine them to obtain the logon password of the Cisco router. In fact, more than that, all the commands entered on the Cisco router by the sniffer tool administrator will be sniffed. In this way, even if the Administrator has changed the password of the Cisco router and encrypted it, it can be sniffed.

2. SSH Security

SSH is called Secure Shell in English, and its default connection port is 22. By using SSH, all transmitted data can be encrypted, which is not possible in the "man-in-the-middle" attack mode above, and can also prevent DNS and IP spoofing. In addition, it also has an additional advantage that the transmitted data is compressed, so it can speed up transmission.

3. SSH deployment

Based on the above tests and SSH security features, it is necessary to use SSH instead of Telnet for security management of Cisco routers. Of course, to implement SSH security management for CISOC, you also need to set up on the Cisco router. The following describes how to deploy and connect SSH in a virtual environment.

After the preceding settings are complete, you cannot Telnet to cisco. You must use a dedicated SSH client for remote logon. To verify the security of SSH logon, we enable network packet capture software for sniffing during logon. The SSH client used by the author is PuTTY. Start the software and enter the IP address 192.168.2.1 of the Cisco router. Then, a dialog box will pop up for the two clients. Let's choose whether to use the SSH key we just set, click "yes" to enter the logon command line. Enter the SSH logon user and ctocio password set on the Cisco router in turn. You can see that the logon is successful to the Cisco router. Then, we checked the packet capture result of the sniffer tool, and all the data was encrypted, so we could not see sensitive information such as injection of users and passwords. We can see that using SSH can ensure the security of remote logon to the Cisco router.

Conclusion: SSH is not only used for security management of Cisco routers. We can deploy SSH-based Remote Management in practical applications such as remote system management and remote server maintenance. In addition, the current SSH tools include not only command line tools, but also some GUI tools. Network management, security first, SSH can greatly prevent attacks from "man-in-the-middle". I hope this article will help you improve the security of network management.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to improve dpi of image netgear router remote management how to reboot cisco router how to improve documentation how to find security key on router how to improve mysql performance how to improve programming skills

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More