nanog mailing list archives
Re: ABOVE.NET SECURITY TRUTHS?
From: John Kristoff <jtk () depaul edu>
Date: Fri, 28 Apr 2000 16:09:29 -0500
Paul Froutan wrote:
I don't think you can. However, I use TACACS on all my switches and
SSH is becoming available on the IOS and I believe it is available in the very latest of 'T' train IOS releases. I don't think the same is true for the CatIOS side of the house. Hopefully soon if not already.
routers. From what I know, TACACS passwords are encrypted using the key on your network devices and the TACACS server. So, that, in combination with a private management LAN not accessible by your customers should lock down your network pretty effectively. Any comments?
Yes, assuming that LAN is indeed private. The initial connection between the client and switch will still be unencrypted. The right ACLs for the VTY's also help. John
Current thread:
- ABOVE.NET SECURITY TRUTHS? Exiled Dave (Apr 28)
- <Possible follow-ups>
- Re: ABOVE.NET SECURITY TRUTHS? Exiled Dave (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Exiled Dave (Apr 28)
- RE: ABOVE.NET SECURITY TRUTHS? Roeland Meyer (E-mail) (Apr 28)
- RE: ABOVE.NET SECURITY TRUTHS? Paul Froutan (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Alec H. Peterson (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Travis Pugh (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Hank Nussbacher (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Alec H. Peterson (Apr 30)
- Re: ABOVE.NET SECURITY TRUTHS? Philip Smith (Apr 30)
- RE: ABOVE.NET SECURITY TRUTHS? Roeland Meyer (E-mail) (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? John Kristoff (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Joe Shaw (Apr 30)
- RE: ABOVE.NET SECURITY TRUTHS? Mr. James W. Laferriere (Apr 28)
- RE: ABOVE.NET SECURITY TRUTHS? Chris Cappuccio (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Michael Shields (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Mark Milhollan (Apr 30)
- RE: ABOVE.NET SECURITY TRUTHS? Roeland Meyer (E-mail) (Apr 28)