Security is one of the most important issues for router users. This article mainly describes how remote management of Cisco routers can be secured. Many network administrators choose Telnet for remote management of Cisco routers, but the data Telnet transmits is in plain text, so this login method carries a serious security risk. A malicious user can run a sniffer tool such as Sniffer on the administrator's host, or on a suitable interface along the path, to capture the administrator's password for logging on to the Cisco router.
1. Security Testing
I installed Sniffer locally and used Telnet to log on to the Cisco router, then stopped sniffing and decoded the capture. Figure 1 shows that I logged on to the Cisco router in user mode and global mode; the entered passwords are displayed in plain text. Although the password is split into two parts, an experienced attacker may combine them to obtain the logon password of the Cisco router. In fact, more than that: all the commands the administrator enters on the Cisco router will be sniffed by the sniffer tool. In this way, even if the administrator has changed the password of the Cisco router and encrypted it, it can still be sniffed. (Figure 1)
2. SSH Security
SSH stands for Secure Shell, and its default connection port is 22. With SSH, all transmitted data is encrypted, so the "man-in-the-middle" sniffing attack shown above is no longer possible, and SSH can also prevent DNS and IP spoofing. An additional advantage is that the transmitted data can be compressed, which can speed up transmission.
3. SSH deployment
Based on the test above and the security features of SSH, SSH should be used instead of Telnet for secure management of Cisco routers. Of course, to manage a Cisco router over SSH, SSH must first be configured on the router itself. The following describes how to deploy and connect to SSH in a virtual environment.
Tip: In Cisco IOS, RSA keys of 360 to 2048 bits are supported. The principle of the algorithm is that the host distributes its own public key to the relevant clients; when a client accesses the host, it encrypts data with the host's public key, and the host decrypts the data with its own private key.
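The configuration below is an added example of the SSH deployment this section describes, including the RSA host key generation the tip refers to; it is not a configuration from the original article. The hostname R1, domain name example.net, username admin and management address 192.0.2.1 are placeholders, and the account secret must be replaced with a real one.

```cisco
! Added example: enable SSH and stop accepting Telnet on a Cisco IOS router.
! Hostname, domain name, username and address below are placeholders.
configure terminal
 hostname R1
 ip domain-name example.net
 ! Local management account; the secret is a placeholder to be replaced.
 username admin privilege 15 secret REPLACE-WITH-STRONG-SECRET
 ! RSA host key; 2048 bits is the top of the 360-2048 range given in the tip.
 ! IOS requires a hostname and domain name to be set before this command.
 crypto key generate rsa modulus 2048
 ! Accept SSH protocol version 2 only, and limit login attempts and idle time.
 ip ssh version 2
 ip ssh time-out 60
 ip ssh authentication-retries 3
 ! VTY lines: allow SSH only (Telnet is refused) and authenticate against local accounts.
 line vty 0 4
  transport input ssh
  login local
  exec-timeout 10 0
 end
!
! Verification: confirm SSH is enabled and check the key length that was generated.
show ip ssh
show crypto key mypubkey rsa
! Save the configuration once the SSH login has been verified.
copy running-config startup-config
! From the administrator's host (placeholder address): ssh -l admin 192.0.2.1
```

As soon as `transport input ssh` is applied, the VTY lines stop accepting Telnet, so verify the SSH login from a second session before closing the one used to make the change; otherwise a typo in the username or secret can lock you out of remote management.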