Thursday, June 11, 2009

Encrypt all passwords in show run

service password-encryption

Password encryption is applied to all passwords, including:
1) username passwords
2) authentication key passwords
3) privileged command password
4) console passwords
5) virtual terminal line access passwords
6) Border Gateway Protocol neighbor passwords


This keeps unauthorized individuals from reading passwords straight out of the configuration file; it uses the Type 7 scheme, which only obscures them (see the note on Type 5 vs Type 7 below).

Interface configuration

Cisco


interface (fa0/0, s0/0/0, etc.)
description (describe the link) => useful for troubleshooting, as it tells you where the interface is connected
ip address (ip address) (subnet mask)
no shut
hint: subnet masks
prefix  mask             addresses (network / broadcast / user IPs)
/32     255.255.255.255  1 IP, no useful IP address
/31     255.255.255.254  2 IPs, no useful IP address
/30     255.255.255.252  4 IPs (1 network, 1 broadcast, 2 user IPs), useful for WAN links
/29     255.255.255.248  8 IPs (1 network, 1 broadcast, 6 user IPs)
/28     255.255.255.240  16 IPs (1 network, 1 broadcast, 14 user IPs)
/27     255.255.255.224  32 IPs (1 network, 1 broadcast, 30 user IPs)
/26     255.255.255.192  64 IPs (1 network, 1 broadcast, 62 user IPs)
/25     255.255.255.128  128 IPs (1 network, 1 broadcast, 126 user IPs)
/24     255.255.255.0    256 IPs (1 network, 1 broadcast, 254 user IPs)
/23     255.255.254.0    512 IPs (1 network, 1 broadcast, 510 user IPs)
/22     255.255.252.0    1024 IPs (1 network, 1 broadcast, 1022 user IPs)
/21     255.255.248.0    2048 IPs (1 network, 1 broadcast, 2046 user IPs)
/20     255.255.240.0    4096 IPs (1 network, 1 broadcast, 4094 user IPs)
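The hint table above is one instance of a general calculation. As an added example (not from the original post), the following Python computes the mask, address count and usable host count for any IPv4 prefix length using the standard library's ipaddress module, following the same classic network/broadcast rule as the table, and also checks whether a given ip address / mask pair is a usable host address before it goes into an ip address command. The function names are my own.

```python
import ipaddress
from typing import Dict, List, Tuple


def subnet_summary(prefix_len: int) -> Dict[str, object]:
    """Mask, total addresses and usable host addresses for an IPv4 prefix length.

    Uses the classic rule of the hint table: one network address, one
    broadcast address, the rest usable, so /31 and /32 yield no user IPs.
    (RFC 3021 does allow both addresses of a /31 on point-to-point links.)
    """
    if not 0 <= prefix_len <= 32:
        raise ValueError("IPv4 prefix length must be between 0 and 32")
    net = ipaddress.ip_network(f"0.0.0.0/{prefix_len}")
    total = net.num_addresses
    usable = total - 2 if prefix_len <= 30 else 0
    if usable:
        note = f"{total} IPs (1 network, 1 broadcast, {usable} user IPs)"
    else:
        note = f"{total} IP(s), no useful IP address"
    return {"prefix": prefix_len, "mask": str(net.netmask),
            "total": total, "usable": usable, "note": note}


def mask_table(start: int = 32, stop: int = 20) -> List[str]:
    """Rows in the shape of the hint table, from /start down to /stop inclusive."""
    rows = []
    for p in range(start, stop - 1, -1):
        s = subnet_summary(p)
        rows.append(f"/{p:<3} {s['mask']:<16} {s['note']}")
    return rows


def check_host_address(ip: str, mask: str) -> Tuple[bool, str]:
    """Is ip/mask a valid host address for an 'ip address' command?

    Rejects the network and broadcast addresses (IOS refuses these with a
    'Bad mask' error) and /31 or /32 under the classic rule above.
    """
    iface = ipaddress.ip_interface(f"{ip}/{mask}")  # accepts a dotted mask
    net = iface.network
    if net.prefixlen > 30:
        return False, f"/{net.prefixlen} leaves no usable host addresses"
    if iface.ip == net.network_address:
        return False, f"{ip} is the network address of {net.with_prefixlen}"
    if iface.ip == net.broadcast_address:
        return False, f"{ip} is the broadcast address of {net.with_prefixlen}"
    return True, f"{ip} is a usable host in {net.with_prefixlen}"


if __name__ == "__main__":
    for row in mask_table():
        print(row)
    # Constructed sample pairs: a good WAN-link host and the broadcast of that /30.
    for ip, mask in (("10.0.0.1", "255.255.255.252"), ("10.0.0.3", "255.255.255.252")):
        print(check_host_address(ip, mask))
```

Running the block prints the /32 to /20 table and then the result of the two sample checks; the second pair is rejected because 10.0.0.3 is the broadcast address of 10.0.0.0/30.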


Juniper
interface (fxp0, lo0, em0, fe-x/0/y, se-x/0/y)
x = PIM slot
y = port number



inet => IPv4


root@router# set interfaces em0 unit 0 family inet address (ip address)/(prefix)
root@router# commit


IPv6
Cisco - ipv6 address 2001:db8::1/64
Juniper - set interfaces em0 unit 0 family inet6 address 2001:200:30:2::1/64

Enable Privileged Password Login

enable secret 5 (level 2 password)

Cisco's Type 7 scheme (what service password-encryption and "password 7" lines produce) is a weak protection scheme. Type 5 uses a strong, one-way hash (salted MD5), which gives much better protection. Whenever possible, the Type 5 password protection scheme should be used.

Create username login

Cisco
username (name) privilege (level) password (password)

level 15 (Cisco administrator / super-user access)
level 7 (moderate user access)
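The Cisco password points above (service password-encryption, enable secret versus enable password, and username ... password versus secret) can be checked mechanically against a saved show run. The following Python auditor is an added example, not part of the original post: it flags plaintext (type 0) and type 7 password lines and reports where a type 5 secret should be used instead. The SAMPLE_RUN configuration is constructed for the example, and its type 7 strings and type 5 hash are placeholders, not real encodings of any password.

```python
import re
from typing import Dict, List

# Constructed sample 'show run' excerpt for this example. The type 7 strings
# and the type 5 hash are placeholders, not real encodings of any password.
SAMPLE_RUN = """\
!
no service password-encryption
!
hostname R1
!
enable password 7 01234567ABCD
username admin privilege 15 password 0 letmein
username ops privilege 7 secret 5 $1$abcd$placeholderhashvalue
!
line con 0
 password cisco
line vty 0 4
 password 7 0123456789AB
 login
!
"""

# Meaning of the optional type digit that follows 'password' in the config.
TYPE_DESC = {None: "plaintext (type 0)", "0": "plaintext (type 0)",
             "7": "type 7 (reversible obfuscation)"}

RE_SVC = re.compile(r"^(no )?service password-encryption$")
RE_ENABLE = re.compile(r"^enable (password|secret)(?: level \d+)?(?: (\d))? \S+")
RE_USER = re.compile(r"^username (\S+)(?: privilege \d+)? (password|secret)(?: (\d))? \S+")
RE_LINE = re.compile(r"^line (\S+ .*)$")
RE_LINE_PW = re.compile(r"^\s+password(?: (\d))? \S+")


def audit_config(text: str) -> List[Dict[str, object]]:
    """Flag password lines in an IOS config that are not type 5 secrets."""
    findings = []
    line_block = None  # name of the 'line ...' section we are inside, if any
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        m = RE_SVC.match(line)
        if m:
            if m.group(1):  # 'no service password-encryption'
                findings.append({"sev": "MEDIUM", "line": no, "msg":
                    "service password-encryption is off: type 0 passwords are readable in show run"})
            continue
        m = RE_ENABLE.match(line)
        if m:
            if m.group(1) == "password":  # 'enable secret' is the type 5 form and is fine
                findings.append({"sev": "HIGH", "line": no, "msg":
                    f"enable password stored as {TYPE_DESC.get(m.group(2), 'unknown type')}; "
                    "use enable secret (type 5) instead"})
            continue
        m = RE_USER.match(line)
        if m:
            if m.group(2) == "password":
                sev = "HIGH" if m.group(3) in (None, "0") else "MEDIUM"
                findings.append({"sev": sev, "line": no, "msg":
                    f"username {m.group(1)} uses password ({TYPE_DESC.get(m.group(3), 'unknown type')}); "
                    f"use 'username {m.group(1)} ... secret' instead"})
            continue
        m = RE_LINE.match(line)
        if m:
            line_block = m.group(1)
            continue
        m = RE_LINE_PW.match(line)
        if m and line_block:
            # Line passwords can only be type 0 or 7; a type 7 one is merely obscured.
            sev = "HIGH" if m.group(1) in (None, "0") else "LOW"
            findings.append({"sev": sev, "line": no, "msg":
                f"line {line_block} password is {TYPE_DESC.get(m.group(1), 'unknown type')}; "
                "prefer 'login local' with type 5 user secrets"})
            continue
        if line and not line.startswith(" "):
            line_block = None  # a top-level command ends the line section
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[str(f["sev"])] = counts.get(str(f["sev"]), 0) + 1
    return counts


if __name__ == "__main__":
    found = audit_config(SAMPLE_RUN)
    for f in found:
        print(f"{f['sev']:<6} line {f['line']:>3}: {f['msg']}")
    print(summarize(found))
```

On the sample the auditor reports five findings: the disabled service password-encryption, the type 7 enable password, the plaintext username password, the plaintext console password and the type 7 vty password; the "username ops ... secret 5" line produces nothing because it already uses the type 5 scheme.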


Juniper
set system login user (name) class (class) authentication plain-text-password



Login class    Permissions
operator       permissions [ clear network reset trace view ]
read-only      permissions [ view ]
super-user     permissions [ all ]
unauthorized   permissions [ none ]