This article briefly discusses basic network security practices. The previous article discussed Endpoint Security – Network Security.
Strong passwords are only as useful as they are secret. There are several steps that can be taken to help ensure that passwords remain secret.
Using the global configuration command service password-encryption prevents unauthorized individuals from viewing passwords in plain text in the configuration file. This command causes the encryption of all passwords that are unencrypted.
Additionally, to ensure that all configured passwords are a minimum of a specified length, use the security passwords min-length command in global configuration mode.
Another way hackers learn passwords is through brute-force attacks, trying multiple passwords until one works. It is possible to prevent this type of attack by blocking login attempts to the device if a set number of failures occurs within a specific amount of time.
Router(config)# login block-for 120 attempts 3 within 60
This command will block login attempts for 120 seconds if there are three failed login attempts within 60 seconds.
Another recommendation is setting exec timeouts. By setting the exec timeout, you are telling the Cisco device to automatically disconnect users on a line after they have been idle for the duration of the exec timeout value. Exec timeouts can be configured on console, VTY, and aux ports using the exec-timeout command in line configuration mode.
Router(config)# line vty 0 4
Router(config-line)# exec-timeout 10
This command configures the device to disconnect idle users after 10 minutes.
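To check a saved configuration for the four settings covered above, the following Python script is an added example, not part of the original article. The sample configuration is constructed, and the min_length and max_idle_minutes thresholds are assumed policy values; a line with no exec-timeout statement is left unflagged.

```python
import re

# Constructed running-config excerpt for illustration (not from the article).
SAMPLE_CONFIG = """\
service password-encryption
security passwords min-length 10
login block-for 120 attempts 3 within 60
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 exec-timeout 10 0
line vty 5 15
 exec-timeout 30 0
"""

def audit(config, min_length=8, max_idle_minutes=10):
    """Return findings; min_length and max_idle_minutes are assumed policy values."""
    findings = []
    lines = config.splitlines()
    # Global commands are the unindented lines of the configuration.
    top = [l.strip() for l in lines if l and not l[0].isspace()]

    if "service password-encryption" not in top:
        findings.append("service password-encryption is not enabled")
    lengths = [int(m[1]) for l in top
               if (m := re.fullmatch(r"security passwords min-length (\d+)", l))]
    if not lengths or lengths[-1] < min_length:
        findings.append(f"security passwords min-length is below {min_length} or unset")
    if not any(re.fullmatch(r"login block-for \d+ attempts \d+ within \d+", l) for l in top):
        findings.append("login block-for is not configured")

    current = None  # the "line ..." block currently being read
    for raw in lines:
        if raw.startswith("line "):
            current = raw.strip()
        elif current and raw[:1].isspace():
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", raw.strip())
            if not m:
                continue
            seconds = int(m[1]) * 60 + int(m[2] or 0)
            if seconds == 0:  # "exec-timeout 0 0" turns the idle timeout off
                findings.append(f"{current}: exec-timeout is disabled")
            elif seconds > max_idle_minutes * 60:
                findings.append(f"{current}: exec-timeout exceeds {max_idle_minutes} minutes")
        else:
            current = None  # any other unindented line ends the block
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```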