Security Basics mailing list archives

R: CISCO Catalyst


From: "Vega - Brunello Ivan" <I.Brunello () vegaspa it>
Date: Wed, 23 Jan 2008 17:55:30 +0100

In short: set up a TACACS+ server (that is, a server which manages the userbase).
This way, you can:
- set up users in a centralized location, and optionally bind users to an external userbase (e.g. Active Directory, LDAP, or SQL).
- set password policies (if you use an external userbase, the external userbase's policy applies).
- group users by role.
- grant users or groups access to every single command (TACACS+ lets you do this; something else like RADIUS cannot).
- have a log of every single action.


AFAIK the only one (for TACACS) is Cisco's own ACS product.
Dunno if there are cheaper (and better) alternatives.



Ivan Brunello
System & Network Management
 
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of pepsdiaz () gmail com
Sent: Wednesday, 23 January 2008 10:27
To: security-basics () securityfocus com
Subject: CISCO Catalyst


Dear all,


I need to audit a CISCO Catalyst 6509 and 2950. I would like to know if you can set up several users in order to log their activities on it, and how to do that.

Besides, I would like to know if you can set up password protection measures like:

 - Change password periodically.

 - Length of password

 - History of passwords


Can you set up more than one user role or just the administrator?


Thanks in advance to everybody.
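
The switch side of the TACACS+ setup described in the reply at the top of this message, as an added example that is not part of the original thread. It assumes the switches run Cisco IOS (not CatOS); the server address 192.0.2.10, the shared key, the local secret and the account name "fallback-admin" are placeholders. Password length, expiry and history are enforced on the TACACS+ server or its external userbase, not in this configuration.

```cisco
! Added example with constructed placeholders:
!   192.0.2.10, <SHARED-KEY>, <LOCAL-SECRET>, fallback-admin
!
! Local account, used only when the TACACS+ server does not answer,
! so a server outage does not lock administrators out.
username fallback-admin privilege 15 secret <LOCAL-SECRET>
!
aaa new-model
!
! Where the TACACS+ server lives and the key shared with it
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-KEY>
!
! Authentication: every administrator logs in with a personal account
! held on the TACACS+ server; "local" is the fallback method.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! Authorization: the server decides whether a user gets a shell and
! whether each command at privilege levels 1 and 15 is permitted.
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
! Also check commands typed in configuration mode
aaa authorization config-commands
!
! Accounting: log session start/stop and every command to the server
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```

Apply it from a console session that stays open until a second login through TACACS+ has been verified, since a wrong key or unreachable server changes how every new session authenticates.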




