Re: changing routers and switchs passwords remotely

[Jimi Thompson <jimi.thompson () gmail com>]

I've seen a couple that do LDAP authentication, however, if you
employer has a "paranoia index" such they are changing passwords every
3 months but don't currently have TACAS or RADIUS implemented, I'd say
that there's more to this than meets the eye.  My guess is that all of
you have one account on all boxes (i.e. you all log in as "root")

1) Do away with "shared" accounts
2) USE TOKENS
3) Implement some sort of centrally controlled and managed account
management application
4) Implement some sort of centrally managed logging and access auditing

HTH,

Jimi


On Thu, 2 Dec 2004 13:56:23 -0500, Paris E. Stone <pstone () alhurra com> wrote:
> Use a Tacacs+ or Radius server and configure the devices to authenticate
> against them.
>
> CCO documents aplenty on how to configure it.
>
> ~~~~~
> Paris E. Stone, "Linux Zealot"
> CISSP, CCNP, CNE, MCSE, CIW Master Administrator
> ~~~~~
> "Not all who wander are lost."
> J.R.R.T.
> -----Original Message-----
> From: Juan B [mailto:juanbabi () yahoo com]
> Sent: Thursday, December 02, 2004 4:24 AM
> To: security-basics () securityfocus com
> Subject: changing routers and switchs passwords remotely
>
> Hi,
>
> in my organization we need to change the enable
> password of the swithces ( about 80 )and routers once
> each three monthes I an looking for a cheap utility or
> application which can help me do that..
>
> can someone advice please?
>
> thanks !!!
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com


-- 
Thanks,

Jimi