nanog mailing list archives

Re: ABOVE.NET SECURITY TRUTHS?

From: "Alec H. Peterson" <ahp () hilander com>
Date: Fri, 28 Apr 2000 15:06:38 -0600


Paul Froutan wrote:


I don't think you can.  However, I use TACACS on all my switches and
routers.  From what I know, TACACS passwords are encrypted using the key on
your network devices and the TACACS server.  So, that, in combination with
a private management LAN not accessible by your customers should lock down
your network pretty effectively.  Any comments?


Using TACACS+ with some sort of one-time-passwording works very well.

Alec

-- 
Alec H. Peterson - ahp () hilander com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"

Current thread:

ABOVE.NET SECURITY TRUTHS? Exiled Dave (Apr 28)
- <Possible follow-ups>
- Re: ABOVE.NET SECURITY TRUTHS? Exiled Dave (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Exiled Dave (Apr 28)
  - RE: ABOVE.NET SECURITY TRUTHS? Roeland Meyer (E-mail) (Apr 28)
    - RE: ABOVE.NET SECURITY TRUTHS? Paul Froutan (Apr 28)
    - Re: ABOVE.NET SECURITY TRUTHS? Alec H. Peterson (Apr 28)
    - Re: ABOVE.NET SECURITY TRUTHS? Travis Pugh (Apr 28)
    - Re: ABOVE.NET SECURITY TRUTHS? Hank Nussbacher (Apr 29)
    - Re: ABOVE.NET SECURITY TRUTHS? Alec H. Peterson (Apr 30)
    - Re: ABOVE.NET SECURITY TRUTHS? Philip Smith (Apr 30)
    - Re: ABOVE.NET SECURITY TRUTHS? John Kristoff (Apr 28)
  - Re: ABOVE.NET SECURITY TRUTHS? Alex Rubenstein (Apr 28)
- RE: ABOVE.NET SECURITY TRUTHS? Greene, Dylan (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Danny McPherson (Apr 28)
  - Re: ABOVE.NET SECURITY TRUTHS? Joe Shaw (Apr 30)
- RE: ABOVE.NET SECURITY TRUTHS? Greene, Dylan (Apr 28)

(Thread continues...)