Make your router more secure

Source: Internet
Author: User

With the rapid development of the network, network access mode has become a variety of, whether ISDN, ADSL or dedicated line, routers are undoubtedly in recent years the network access to the enterprise network of hot equipment. And how to protect the security of the router, for the network administrator is also a long way away, once the hackers have access to the control of the router, the router launched an attack, thereby wasting the CPU cycle of routers, misleading information flow, and ultimately the entire network into paralysis. and strengthen the security configuration of routers, is also a very big topic, today, I talk about how to check from the "entrance", so that our routers to minimize the possibility of hackers attack.

First, set the configuration password

For routers, configuration methods can be basically divided into three types, console, aux and vty (Telnet), and vty and aux default configuration access requires a login password, if not set any password, the router will refuse to establish a session, and return an error message, indicating that the reason for the error is "Password request is not set". The console port does not require a password by default. That is to say, without a console password setting, anyone with a laptop and a control line can easily enter the device to modify 備置, so not only set the password for Aux and vty, but also set the login password for the console port.

Let's take a look at the syntax for a three cipher type:

To set a password from the console:

Line Console 0

Password Password

Login

To set a password by aux:

Line aux 0

Password Password

Login

Remote Settings password via Telnet

Line vty 0 4

Password Password

Login

With this foundation, we can take a look at the specific setup process (Figure 1)

Figure 1

Tip: "line vty 0 4" means that five virtual interfaces are turned on, indicating that five users can telnet to the router at the same time.

Second, user name and password combination certification

Above just configured a variety of access to the password, if the enterprise has more than one network administrator, need to view, modify the configuration of the router, the use of a unified password display is not appropriate, and easy to cause password leakage. For each administrator to set a username and password, after such a combination, security will be a certain increase. (Programming Entry Network)

The command to set the username and password is password the corresponding user password for username username, where password can be replaced with secret, thereby setting the encrypted (password set password to plaintext, All users who can log on to the router can view the password (as shown in Figure 2).

Figure 2

Tip: The user name and password you set are stored in the router's database, where the user name is case-insensitive and the password is strictly case-sensitive, so you need to be aware of the case state when setting the password.

Third, summary

Security seems to be a perpetual topic, and there is no absolute and no lasting security for the Web. And we have to do is to do our best to be more secure under the existing conditions. Although it is often said that the password is only a paper tiger, but in the actual use, the password seems to be our best weapon, so set the router login password, from the "entrance" at the gate is particularly important. Especially the console port password is a lot of people take it lightly, that the device is placed in the cabinet, outsiders are difficult to contact with the physical equipment, but if you can more than a precaution, can be more secure, why not do it? Move forward steadily to make our network safer.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.