From: Neil Moore (neil@xxxxxxxxxx)
Date: Fri Aug 30 2002 - 07:36:49 GMT-3
Hello there,
To add another way....
Since it is probably a remote support wanting to get on the router to do
some show commands that are higher than level 1.... use the privilege
command to move the needed level 15 commands down to level one. Just a
thought...
Neil Moore
CCIE #10044,CCNP,CCDP,CCDA,CCDP,MCSE 2K,MCDBA,SSA,CCSE,CCSA,HPSA
----- Original Message -----
From: "Graham, John" <john.graham@cgey.com>
To: "'Owens, Michael'" <Michael.Owens@FMR.COM>; "'Wright, Jeremy'"
<JA_WRIGHT@admworld.com>; <security@groupstudy.com>
Cc: <ccielab@groupstudy.com>
Sent: Friday, August 30, 2002 5:11 AM
Subject: RE: Read Only Access For Telnet
> They obviously haven't done a web search then.
>
> http://www.kazmier.com/computer/cisco-noswing.html
>
> -----Original Message-----
> From: Owens, Michael [mailto:Michael.Owens@FMR.COM]
> Sent: 28 August 2002 16:51
> To: 'Wright, Jeremy'; 'security@groupstudy.com'
> Cc: 'ccielab@groupstudy.com'
> Subject: RE: Read Only Access For Telnet
>
>
> The best way to solve this would be to use ACS with a TACACS+ database
> utilizing AAA.
>
> The quickest way is to just use the enable secret command.
> The Cisco decryption programs will not decrypt passwords set with the enable
> secret command. The enable password command should no longer be used. Use
> the enable secret command for better security. The only instance in which
> the enable password command might be tested is when the device is running in
> a boot mode that does not support the enable secret command.
>
> Enable secrets are hashed using the MD5 algorithm. As far as anyone at Cisco
> knows, it is impossible to recover an enable secret based on the contents of
> a configuration file (other than by obvious dictionary attacks).
>
> Michael C. Owens
>
> -----Original Message-----
> From: Wright, Jeremy [mailto:JA_WRIGHT@admworld.com]
> Sent: Wednesday, August 28, 2002 9:42 AM
> To: 'security@groupstudy.com'
> Cc: 'ccielab@groupstudy.com'
> Subject: Read Only Access For Telnet
>
>
> I have a remote location that is needing read only access to my router. I
> know you can decrypt the encrypted password in the show run and I want to
> eliminate the possibility of them doing that. What is the best way to
> accomplish this?
>
> ************************
> Jeremy Wright
> Network Analyst
> Archer Daniels Midland
> ja_wright@admworld.com
> (217)451-4063
>
> ************************
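
Added example (not part of the original thread, and not code from any of the posters): a small Python check that scans a saved IOS configuration for the password forms discussed above. It flags "enable password" and type 7 strings, notes MD5 "enable secret" entries, and lists "privilege" lines that move commands below level 15 so they can be reviewed. The sample configuration, rule names and severities are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); all secrets are placeholders.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$EXAMPLE$0000000000000000000000
enable password 7 000000000000
username support privilege 1 password 7 000000000000
privilege exec level 1 show ip route
line vty 0 4
 password 7 000000000000
 login
"""

# (finding id, severity, pattern, note) -- ids and severities are assumptions.
RULES = [
    ("enable-password", "high", re.compile(r"^enable password\b"),
     "replace with 'enable secret'"),
    ("type7-password", "high", re.compile(r"\bpassword 7 \S+"),
     "type 7 is reversible by anyone who can read the config"),
    ("cleartext-password", "high",
     re.compile(r"\bpassword (?:0 )?(?!7 )\S+$"),
     "password stored in clear text"),
    ("md5-secret", "info", re.compile(r"\bsecret 5 \S+"),
     "one-way MD5 hash; still exposed to dictionary guessing"),
    ("lowered-privilege", "review",
     re.compile(r"^privilege \S+ level (?:\d|1[0-4]) "),
     "command moved below level 15; confirm what it exposes"),
]

def audit(config_text):
    """Return (line number, finding id, severity, note) for each match."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blanks and IOS comments
            continue
        for finding_id, severity, pattern, note in RULES:
            if pattern.search(line):
                findings.append((lineno, finding_id, severity, note))
    return findings

if __name__ == "__main__":
    for lineno, finding_id, severity, note in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: [{severity}] {finding_id}: {note}")
```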
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:42 GMT-3