From: Joe A (groupstudy@xxxxxxxxxxx)
Date: Wed Aug 28 2002 - 16:15:59 GMT-3
First question is, 'read only' to what? Statistics, interfaces, routing
tables, etc? If that's the case, they won't see the passwords if you
don't let 'em go to a higher exec level. Why do they need to see the
config? If they do, give them a hard copy with the passwords removed,
and give them basic access to the route (i.e. not-enable access).
I've seen programs to decrypt encrypted access and line passwords, but I
don't think it is that easy to decrypt the enable password, so I don't
think you have a huge problem.
Asside from that, you could use TACACS to control access instead of
local passwords.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Wright, Jeremy
Sent: Wednesday, August 28, 2002 9:42 AM
To: 'security@groupstudy.com'
Cc: 'ccielab@groupstudy.com'
Subject: Read Only Access For Telnet
I have a remote location that is needing read only access to my router.
I know you can decrypt the encrypted password in the show run and I want
to eliminate the possibility of them doing that. What is the best way to
accomplish this?
************************
Jeremy Wright
Network Analyst
Archer Daniels Midland
ja_wright@admworld.com
(217)451-4063
************************
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:40 GMT-3