It is understandable that you may need to connect and troubleshoot the router from outside, but SDM is an easy-to-use graphical interface that anyone, once authenticated, can use to manipulate the router's configuration.īut the biggest problem with the preceding configuration is the username and password of cisco. Second, you can access the SDM from outside the LAN this exposes an entry method to potential hackers. First, you are not using NTP, so your logs will not be appropriately timestamped.
There are three problems with the configuration displayed here.
#CISCO IOS COPY LOG TFTP SOFTWARE#
You have two different computers running syslog software so that two people are monitoring for problems. All seems well you are confident in your configuration and things seem secure. You have SSH and SDM enabled to access the router from inside and outside the network. You have a VPN concentrator set up inside the network using network address translation (NAT) to gain access to it. You have enabled SSH and the firewall feature set. Inappropriate use may be punished to the fullest extent allowed under the law. Unauthorized use prohibited under state and federal law.Īll access to this device is subject to monitoring, logging, tracking and investigation. Warning - this device is private property. Ip http timeout-policy idle 5 life 86400 requests 10000 Service-policy output sdmappfwp2p_SDM_HIGH Service-policy input sdmappfwp2p_SDM_HIGH Username cisco privilege 15 password 7 09484107 Username sdm privilege 15 password 7 02050D480809 Username scott privilege 15 password 7 114D1A0A03064F42547B Subject-name cn=IOS-Self-Signed-Certificate-738991827Ĭrypto pki certificate chain TP-self-signed-738991827Ĭertificate self-signed 01 nvram:IOS-Self-Sig#3701.cer Server deny name Ĭrypto pki trustpoint TP-self-signed-738991827 Ip rcmd remote-host sdm 144.251.100.120 sdm enable You have also set up your Cisco router with the following startup config:Įnable secret 5 $1$yN9o$XtoSNSbGjOLxrSwS1trSw.Įnable password 7 0605002C5C5B041816031719 You have addressed the company's policy requirements and the network's acceptable use policy, and you have a documented security profile for the network.
0 kommentar(er)
