
Password encrypted

Status
Not open for further replies.

herri

ISP
Feb 19, 2002
6
ID
Dear All
If we log into a Cisco router, we must supply the telnet password and the enable password respectively. Are these passwords encrypted before being sent to the router? It is dangerous if we supply passwords across the network without encryption because of the high risk of a sniffer attack.

best regards,

herri
Jakarta , Ind
 
Considering there are plenty of freeware apps that will unencrypt the passwords, it's somewhat moot. SSH is your way to go. SSH server-side software has been in IOS for some time now. It's as safe as you can get 8)

 
If you do not want to upgrade the feature in your IOS, then think about setting up a TACACS+ server with MD5 password support and use AAA authentication. Cisco offers TACACS+ software on their FTP site. Pretty reliable if you know how to configure the server and routers.
 
No, they are not encrypted. Telnet transmits the characters in plain text, in serial format, i.e. one after another.

The encryption is only for the IOS so when the config is displayed, the passwords are not in plain sight... but Level 7 is very easily cracked so that is pretty useless. Add to that the fact that with SNMP, you can *borrow* the config... it's not a happy place to be.

I agree with KSM... either use TACACS+, RADIUS or Cisco Secure (ACS). The router will be told to go to a host to get the proper authentication. I use TACACS+ to control some terminal servers. Linux provides the backend and I use Webmin to provide a pretty front end on the Linux box for working with the user accounts.

MikeS
Find me at
"The trouble with giving up civil rights is that you never get them back"
 
This is not as secure as SSH. SSH not only secures the password aspect of interacting with your routers, but the ongoing session (lots of sensitive stuff there). If security is your concern, SSH is definitely the way to go...
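
Added example (not part of any post in this thread): a small Python audit that checks an IOS configuration for the weaknesses the replies name, namely type 7 passwords, vty lines not restricted to SSH, SNMP read-write communities and missing AAA. Both configurations and all secret values are constructed placeholders, and the finding codes and the `audit` function are hypothetical names.

```python
import re

# Constructed sample configs (not from the thread); all secrets are placeholders.
WEAK_CONFIG = """\
service password-encryption
enable password 7 PLACEHOLDER7
snmp-server community PLACEHOLDER RW
line vty 0 4
 password 7 PLACEHOLDER7
 login
 transport input telnet
"""
HARDENED_CONFIG = """\
enable secret 5 PLACEHOLDER5
aaa new-model
aaa authentication login default group tacacs+ local
line vty 0 4
 transport input ssh
"""

def audit(config):
    """Return sorted finding codes for the weaknesses named in the thread."""
    findings = set()
    vty = {}        # vty header -> list of allowed transports (None = not set)
    current = None  # header of the section the indented lines belong to
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            current = line
            if line.startswith("line vty"):
                vty[current] = None
        # Type 7 only hides the password when the config is displayed.
        if re.search(r"\bpassword 7 \S+", line):
            findings.add("type7-password")
        # Assumption: only read-write communities are flagged here.
        if re.match(r"snmp-server community \S+ RW\b", line, re.I):
            findings.add("snmp-rw-community")
        m = re.match(r"transport input (.+)", line)
        if m and current in vty:
            vty[current] = m.group(1).split()
    for transports in vty.values():
        # Assumption: a vty with no explicit transport is treated as not SSH-only.
        if transports != ["ssh"]:
            findings.add("vty-not-ssh-only")
    if not re.search(r"^aaa new-model\s*$", config, re.M):
        findings.add("no-aaa")
    return sorted(findings)
```

`audit(WEAK_CONFIG)` reports all four findings; `audit(HARDENED_CONFIG)` returns an empty list.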
 