On Mon, 14 Jan 2002, Rick Brown wrote:

> I'm trying to tighten security behind my firewall and
> thought you guys might be able to give me some
> feedback. I've got an all Cisco infrastructure and I
> want to secure access to the switches and routers.
> Should I use TACACS+ or SSH? I need something free

If you've got a one-time password scheme, you'd get more value from that than securing the transport layer. The only pain is in having to wait a minute between login and enable if you're using SecurID. With reusable passwords, securing the transport layer will probably be more productive. Don't forget that you can use access lists to limit access to infrastructure, especially routers.

> (or close to it) because the bean counters are being
> tight. Also, what's the best way to secure SNMP? We

As well as the obvious community string and writable MIB issues, there have been a few flaws in common implementations. I prefer to do things like that out of band if I have to use them. Obviously that generally requires an architecture change.

> use Novell's eDirectory and so it would be nice to
> find something that could work with LDAP but that may
> be asking for too much. Could IPSec be used to secure
> any of this? Thanks!

IPSec could, but it's pretty resource-intensive for most low-level devices like smaller routers.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
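
An added example, not part of the original message: a small Python audit that checks a saved Cisco IOS configuration for the management-plane points raised in the reply (vty lines without an access list, telnet still accepted, SNMP communities that are well known, writable, or not bound to an access list). The function name `audit`, the sample configuration and its community strings are constructed for illustration.

```python
import re

# Constructed sample of a Cisco IOS config; not taken from the thread.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
snmp-server community public RO
snmp-server community Xk29fLq RW 10
snmp-server community Rt7mPz1 RO 10
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit(config):
    """Return sorted (line_number, finding) pairs; community strings are never echoed."""
    findings, vty, current = [], {}, None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace():                 # sub-command of the current section
            if current is not None:
                vty[current].append(line)
            continue
        current = n if line.startswith("line vty") else None
        if current is not None:
            vty[current] = []
        if line.startswith("snmp-server community "):
            toks = line.split()[2:]          # <string> [view <name>] [ro|rw] [acl]
            name, rest = toks[0], toks[1:]
            if rest[:1] == ["view"]:
                rest = rest[2:]
            mode = rest.pop(0).lower() if rest and rest[0].lower() in ("ro", "rw") else "ro"
            if name.lower() in ("public", "private"):
                findings.append((n, "well-known community string"))
            if mode == "rw":
                findings.append((n, "writable community"))
            if not rest:
                findings.append((n, "community not bound to an access list"))
    for n, cmds in vty.items():
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append((n, "vty has no inbound access-class"))
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        # Assumption: no "transport input" line means the older IOS default (all protocols).
        if not transport or any(p in ("telnet", "all") for t in transport for p in t):
            findings.append((n, "vty accepts telnet (cleartext passwords)"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` reports findings by configuration line number, so the output can be shared without exposing the community strings themselves.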
