With the rapid development of the network, network access mode has become a variety of, whether ISDN, ADSL or dedicated line, routers are undoubtedly in recent years the network access to the enterprise network of hot equipment. And how to protect the security of the router, for the network administrator is also a long way away, once the hackers have access to the control of the router, the router launched an attack, thereby wasting the CPU cycle of routers, misleading information flow, and ultimately the entire network into paralysis. and strengthen the security configuration of routers, is also a very big topic, today, I talk about how to check from the "entrance", so that our routers to minimize the possibility of hackers attack.
First, set the configuration password
For routers, configuration methods can be basically divided into three types, console, aux and vty (Telnet), and vty and aux default configuration access requires a login password, if not set any password, the router will refuse to establish a session, and return an error message, indicating that the reason for the error is "Password request is not set". The console port does not require a password by default. That is to say, without a console password setting, anyone with a laptop and a control line can easily enter the device to modify 備置, so not only set the password for Aux and vty, but also set the login password for the console port.
Let's take a look at the syntax for a three cipher type:
To set a password from the console:
Line Console 0
Password Password
Login
To set a password by aux:
Line aux 0
Password Password
Login
Remote Settings password via Telnet
Line vty 0 4
Password Password
Login
With this foundation, we can take a look at the specific setup process (Figure 1)
Figure 1
Tip: "line vty 0 4" means that five virtual interfaces are turned on, indicating that five users can telnet to the router at the same time.
Second, user name and password combination certification
Above just configured a variety of access to the password, if the enterprise has more than one network administrator, need to view, modify the configuration of the router, the use of a unified password display is not appropriate, and easy to cause password leakage. For each administrator to set a username and password, after such a combination, security will be a certain increase. (Programming Entry Network)
The command to set the username and password is password the corresponding user password for username username, where password can be replaced with secret, thereby setting the encrypted (password set password to plaintext, All users who can log on to the router can view the password (as shown in Figure 2).
Figure 2
Tip: The user name and password you set are stored in the router's database, where the user name is case-insensitive and the password is strictly case-sensitive, so you need to be aware of the case state when setting the password.
Third, summary
Security seems to be a perpetual topic, and there is no absolute and no lasting security for the Web. And we have to do is to do our best to be more secure under the existing conditions. Although it is often said that the password is only a paper tiger, but in the actual use, the password seems to be our best weapon, so set the router login password, from the "entrance" at the gate is particularly important. Especially the console port password is a lot of people take it lightly, that the device is placed in the cabinet, outsiders are difficult to contact with the physical equipment, but if you can more than a precaution, can be more secure, why not do it? Move forward steadily to make our network safer.