Charles, There's not much middle ground between using username/password and One Time Passwords (OTP) such as SecurID, Skey, etc. The only thing you can do to make the use of username/password stronger is to pick _very_ good passwords. Make the pwd's at least 8 chars and pick special chars, things like $,%,^,!,{,], etc.
You can make the passes easier to remember by choosing certain special characters to substitute for certain letters, for example you can subsitute $ for s and make the pwd "slipstring" into "$lip$tring" and increase the difficulty of a password guessing program cracking the pwd by orders of magnitude. Other than that, OTP is the way to go and much stronger than any userid/pwd combo. I would also not allow the use of PAP, it's pretty rare for someone to tap a phone line to get a userid/pwd, but why take the chance. Require the use of CHAP. BTW, I assume based on your query that your only looking for ways to increase the user authentication strength. There are lots of things you can do to secure the router itself. You can search on cisco's site for "router security" or take a look at Phrack issue 55, "building bastion routers": http://www.phrack.org Regards, Kent -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Dowling Sent: Wednesday, November 28, 2001 6:51 AM To: [EMAIL PROTECTED] Subject: Securing Dial up [7:27545] Hello All, I need some urgent help with tightening security on my 3660 access router. At the moment, users are authenticated during dialup with their assigned usernames and passwords. Analogue users PAP and CHAP while ISDN connections use CHAP. How can I add security using the existing IOS without going for a full blown RSA/Token solution? At this point, I just need to know what is possible. The IOS version I am running is c3660-i-mz.121-4.4.T2. Thanks for your help. Charles. [GroupStudy.com removed an attachment of type text/x-vcard which had a name of cdowling.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27560&t=27545 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]