Charles,

There's not much middle ground between using username/password and One Time
Passwords (OTP) such as SecurID, Skey, etc.  The only thing you can do to
make the use of username/password stronger is to pick _very_ good passwords.
Make the pwd's at least 8 chars and pick special chars, things like
$,%,^,!,{,], etc.

You can make the passes easier to remember by choosing certain special
characters to substitute for certain letters, for example you can substitute
$ for s and make the pwd "slipstring" into "$lip$tring" and increase the
difficulty of a password guessing program cracking the pwd by orders of
magnitude.

Other than that, OTP is the way to go and much stronger than any userid/pwd
combo.  I would also not allow the use of PAP, it's pretty rare for someone
to tap a phone line to get a userid/pwd, but why take the chance.  Require
the use of CHAP.

BTW, I assume based on your query that you're only looking for ways to
increase the user authentication strength. There are lots of things you can
do to secure the router itself.  You can search on Cisco's site for "router
security" or take a look at Phrack issue 55, "building bastion routers":
http://www.phrack.org

Regards,
Kent


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Charles Dowling
Sent: Wednesday, November 28, 2001 6:51 AM
To: [EMAIL PROTECTED]
Subject: Securing Dial up [7:27545]


Hello All,

I need some urgent help with tightening security on my 3660 access
router.  At the moment, users are authenticated during dialup with their
assigned usernames and passwords.  Analogue users use PAP and CHAP while
ISDN connections use CHAP.

How can I add security using the existing IOS without going for a full
blown RSA/Token solution?  At this point, I just need to know what is
possible.  The IOS version I am running is  c3660-i-mz.121-4.4.T2.

Thanks for your help.
Charles.

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27560&t=27545
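
The reply above recommends requiring CHAP instead of PAP. The following is an added example, not part of the original thread, that builds a PAP Authenticate-Request (RFC 1334) and a CHAP Response (RFC 1994) to show what each puts on the line; the username and secret are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample credentials (assumptions, not taken from the thread).
USER = b"dialuser"
SECRET = b"$lip$tring-example"

def pap_request(ident, user, password):
    """PAP Authenticate-Request: peer-id and password travel in cleartext."""
    data = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def chap_value(ident, secret, challenge):
    """CHAP response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident, user, secret, challenge):
    """CHAP Response packet: code 2, value-size, 16-byte value, then name."""
    value = chap_value(ident, secret, challenge)
    data = bytes([len(value)]) + value + user
    return struct.pack("!BBH", 2, ident, 4 + len(data)) + data

def chap_verify(packet, secret, challenge):
    """Authenticator side: recompute the value for the challenge it issued."""
    if len(packet) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or length != len(packet):
        return False
    value = packet[5:5 + packet[4]]
    return hmac.compare_digest(value, chap_value(ident, secret, challenge))

def demo():
    pap = pap_request(1, USER, SECRET)
    c1, c2 = os.urandom(16), os.urandom(16)  # fresh challenge per attempt
    resp = chap_response(1, USER, SECRET, c1)
    return {
        "pap_exposes_password": SECRET in pap,
        "chap_exposes_password": SECRET in resp,
        "chap_accepts_fresh": chap_verify(resp, SECRET, c1),
        "chap_accepts_replay": chap_verify(resp, SECRET, c2),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The CHAP value is still derived from the shared secret, so the password-strength advice in the reply applies under CHAP as well.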