nanog mailing list archives
Re: ABOVE.NET SECURITY TRUTHS?
From: "Alec H. Peterson" <ahp () hilander com>
Date: Sun, 30 Apr 2000 08:36:20 -0600
Hank Nussbacher wrote:
TACACS encryption won't help if you follow the Cisco Essential IOS Features (v 2.82 - Feb 18, 2000). On page 45 they discuss router command auditing and recommend: aaa accounting command 15 start-stop tacacs+ Unfortunately, this will log in your syslog the password commands in cleartext. You would have to be sure that the Unix/NT system you are logging all Cisco commands to is as secure as your router. How many of you run ISS/Cybercop/Netrecon scans every week on your logging servers to be sure they are secure?
Hrm, that's odd, since I was using TACACS+ accounting a while ago (that exact command actually) and it never logged any passwords that I entered... Alec -- Alec H. Peterson - ahp () hilander com Staff Scientist CenterGate Research Group - http://www.centergate.com "Technology so advanced, even _we_ don't understand it!"
Current thread:
- ABOVE.NET SECURITY TRUTHS? Exiled Dave (Apr 28)
- <Possible follow-ups>
- Re: ABOVE.NET SECURITY TRUTHS? Exiled Dave (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Exiled Dave (Apr 28)
- RE: ABOVE.NET SECURITY TRUTHS? Roeland Meyer (E-mail) (Apr 28)
- RE: ABOVE.NET SECURITY TRUTHS? Paul Froutan (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Alec H. Peterson (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Travis Pugh (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Hank Nussbacher (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Alec H. Peterson (Apr 30)
- Re: ABOVE.NET SECURITY TRUTHS? Philip Smith (Apr 30)
- RE: ABOVE.NET SECURITY TRUTHS? Roeland Meyer (E-mail) (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? John Kristoff (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Joe Shaw (Apr 30)
- RE: ABOVE.NET SECURITY TRUTHS? Mr. James W. Laferriere (Apr 28)
- RE: ABOVE.NET SECURITY TRUTHS? Chris Cappuccio (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Michael Shields (Apr 28)