Re: TACACS and Telnet

2001-01-08 Thread Bradley Lowry

Why not use TACACS along with something like SecurID?
I know of a large client that does it.  One plus is that everyone that
touches the network infrastructure gets a different ID, so changes are logged
by time and person.

I don't know everything so if someone can think of a good reason the whole
telnet session should be encrypted, let me know.

Piatnitchi Cristian <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi all
>
> I intend to set up TACACS+ authentication for all our network devices and
> I need to understand the following question:
>
> Is the telnet authentication sequence encrypted? I am asking about the
> situation when the net. device is set up to work with TACACS+.
> If it isn't, what should I do to have a secure connection during the
> authentication phase?
>
> I have to say that I use an IP connection, not PPP. (It's just a simple
> Telnet session from our internal LAN.)
>
> In my opinion it is not a secure session, but I would like it to be a secure
> one and I don't know how to set it.
> I will be waiting for your advice.
>
> Thanks in advance
> Cristian
>
>
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>





RE: TACACS and Telnet

2001-01-03 Thread Jon McCoy

Kerberized telnet is supported in some feature sets, since 11.2, maybe
earlier.  You can also use the Kerberos mechanism to do SSO (sign on to the
Kerberos server, and use Kerberos credentials to connect to all your
routers, without logging in (into an enabled session, if you like)).  MIT
Kerberos is available in BSD, most Linux, Sun, or you can compile it
yourself from MIT source, if you like.

Getting the router configured is the easy part, though.  Kerberos, although
tricky to get running, is a lot better than it was a few years ago -- mostly
from Kerberos being the core of Win2k security.  Note also that Kerberos
doesn't do any authorization, only authentication.

If anyone wants more info, feel free to ping me offlist.

-jon-

-Original Message-
From: Piatnitchi Cristian [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2001 2:56 AM
To: '[EMAIL PROTECTED]'
Subject: RE: TACACS and Telnet


Is there any other solution for a secure
communication/session with a remote router/switch?

Thanks in advance 
Cristian


-Original Message-
From: Piatnitchi Cristian [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2001 12:19 PM
To: 'Adam Quiggle'; Piatnitchi Cristian; '[EMAIL PROTECTED]'
Subject: RE: TACACS and Telnet


Hi Adam

Thanks for the link. Now the question is clear for me.
Yes, it is true SSH is supported starting with IOS 12, but IOS 12.1, not
IOS 12.0.
Is the upgrade free from a version to a higher one? I mean from 12.0 to 12.1?

Thanks for help.
Cristian


-Original Message-
From: Adam Quiggle [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2001 11:22 AM
To: Piatnitchi Cristian; '[EMAIL PROTECTED]'
Subject: Re: TACACS and Telnet


Cristian,

Good question!  No, your telnet session is not secure.  When
you type in your password you are sending it across the network
in clear text.  However, the session that is used between your
router and the TACACS server is encrypted using the shared key
that you define when you set up TACACS.

If you want secure communications using a telnet-like session
you will have to use SSH.  I believe it was implemented in IOS 12.0,
but I could be wrong.  Just remember that you will have to have
an SSH client in order to use SSH to communicate with your router.

Here is a link for more info.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/sshv1.htm
(watch the wrap)

HTH,
AQ

At 03:47 AM 1/3/01, Piatnitchi Cristian wrote:
>Hi all
>
>I intend to set up TACACS+ authentication for all our network devices and
>I need to understand the following question:
>
>Is the telnet authentication sequence encrypted? I am asking about the
>situation when the net. device is set up to work with TACACS+.
>If it isn't, what should I do to have a secure connection during the
>authentication phase?
>
>I have to say that I use an IP connection, not PPP. (It's just a simple
>Telnet session from our internal LAN.)
>
>In my opinion it is not a secure session, but I would like it to be a secure
>one and I don't know how to set it.
>I will be waiting for your advice.
>
>Thanks in advance
>Cristian
>
>


**
  Adam Quiggle
  Senior Network Engineer
  MCI Worldcom/NOC/BP Amoco
  [EMAIL PROTECTED]
**




RE: TACACS and Telnet

2001-01-03 Thread Piatnitchi Cristian

Is there any other solution for a secure
communication/session with a remote router/switch?

Thanks in advance 
Cristian


-Original Message-
From: Piatnitchi Cristian [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2001 12:19 PM
To: 'Adam Quiggle'; Piatnitchi Cristian; '[EMAIL PROTECTED]'
Subject: RE: TACACS and Telnet


Hi Adam

Thanks for the link. Now the question is clear for me.
Yes, it is true SSH is supported starting with IOS 12, but IOS 12.1, not
IOS 12.0.
Is the upgrade free from a version to a higher one? I mean from 12.0 to 12.1?

Thanks for help.
Cristian


-Original Message-
From: Adam Quiggle [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2001 11:22 AM
To: Piatnitchi Cristian; '[EMAIL PROTECTED]'
Subject: Re: TACACS and Telnet


Cristian,

Good question!  No, your telnet session is not secure.  When
you type in your password you are sending it across the network
in clear text.  However, the session that is used between your
router and the TACACS server is encrypted using the shared key
that you define when you set up TACACS.

If you want secure communications using a telnet-like session
you will have to use SSH.  I believe it was implemented in IOS 12.0,
but I could be wrong.  Just remember that you will have to have
an SSH client in order to use SSH to communicate with your router.

Here is a link for more info.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/sshv1.htm
(watch the wrap)

HTH,
AQ

At 03:47 AM 1/3/01, Piatnitchi Cristian wrote:
>Hi all
>
>I intend to set up TACACS+ authentication for all our network devices and
>I need to understand the following question:
>
>Is the telnet authentication sequence encrypted? I am asking about the
>situation when the net. device is set up to work with TACACS+.
>If it isn't, what should I do to have a secure connection during the
>authentication phase?
>
>I have to say that I use an IP connection, not PPP. (It's just a simple
>Telnet session from our internal LAN.)
>
>In my opinion it is not a secure session, but I would like it to be a secure
>one and I don't know how to set it.
>I will be waiting for your advice.
>
>Thanks in advance
>Cristian
>
>


**
  Adam Quiggle
  Senior Network Engineer
  MCI Worldcom/NOC/BP Amoco
  [EMAIL PROTECTED]
**




RE: TACACS and Telnet

2001-01-03 Thread Adam Quiggle

Cristian,

If you are asking me if the IOS upgrade is free or not, that I couldn't
answer.  It all depends upon how you like to pay the piper. :-)  If
you have smartnet maintenance, then I think it is free.  If not, you will
probably have to purchase it.  I am no expert in this area, maybe someone
who works for a reseller can help you out here.

Bueller?  Bueller?  anyone? ;-)


Later,
AQ

At 05:18 AM 1/3/01, Piatnitchi Cristian wrote:
>Hi Adam
>
>Thanks for the link. Now the question is clear for me.
>Yes, it is true SSH is supported starting with IOS 12, but IOS 12.1, not
>IOS 12.0.
>Is the upgrade free from a version to a higher one? I mean from 12.0 to 12.1?
>
>Thanks for help.
>Cristian
>
>
>-Original Message-
>From: Adam Quiggle [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, January 03, 2001 11:22 AM
>To: Piatnitchi Cristian; '[EMAIL PROTECTED]'
>Subject: Re: TACACS and Telnet
>
>
>Cristian,
>
>Good question!  No, your telnet session is not secure.  When
>you type in your password you are sending it across the network
>in clear text.  However, the session that is used between your
>router and the TACACS server is encrypted using the shared key
>that you define when you set up TACACS.
>
>If you want secure communications using a telnet-like session
>you will have to use SSH.  I believe it was implemented in IOS 12.0,
>but I could be wrong.  Just remember that you will have to have
>an SSH client in order to use SSH to communicate with your router.
>
>Here is a link for more info.
>
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/sshv1.htm
>(watch the wrap)
>
>HTH,
>AQ
>
>At 03:47 AM 1/3/01, Piatnitchi Cristian wrote:
> >Hi all
> >
> >I intend to set up TACACS+ authentication for all our network devices and
> >I need to understand the following question:
> >
> >Is the telnet authentication sequence encrypted? I am asking about the
> >situation when the net. device is set up to work with TACACS+.
> >If it isn't, what should I do to have a secure connection during the
> >authentication phase?
> >
> >I have to say that I use an IP connection, not PPP. (It's just a simple
> >Telnet session from our internal LAN.)
> >
> >In my opinion it is not a secure session, but I would like it to be a secure
> >one and I don't know how to set it.
> >I will be waiting for your advice.
> >
> >Thanks in advance
> >Cristian
> >
> >
>
>
>**
>   Adam Quiggle
>   Senior Network Engineer
>   MCI Worldcom/NOC/BP Amoco
>   [EMAIL PROTECTED]
>**
>



RE: TACACS and Telnet

2001-01-03 Thread Piatnitchi Cristian

Sorry, I was wrong; it seems to be supported starting with
12.0(5)S. My question is still up. How about the upgrade?

Thanks
Cristian

-Original Message-
From: Piatnitchi Cristian 
Sent: Wednesday, January 03, 2001 12:19 PM
To: 'Adam Quiggle'; Piatnitchi Cristian; '[EMAIL PROTECTED]'
Subject: RE: TACACS and Telnet


Hi Adam

Thanks for the link. Now the question is clear for me.
Yes, it is true SSH is supported starting with IOS 12, but IOS 12.1, not
IOS 12.0.
Is the upgrade free from a version to a higher one? I mean from 12.0 to 12.1?

Thanks for help.
Cristian


-Original Message-
From: Adam Quiggle [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2001 11:22 AM
To: Piatnitchi Cristian; '[EMAIL PROTECTED]'
Subject: Re: TACACS and Telnet


Cristian,

Good question!  No, your telnet session is not secure.  When
you type in your password you are sending it across the network
in clear text.  However, the session that is used between your
router and the TACACS server is encrypted using the shared key
that you define when you set up TACACS.

If you want secure communications using a telnet-like session
you will have to use SSH.  I believe it was implemented in IOS 12.0,
but I could be wrong.  Just remember that you will have to have
an SSH client in order to use SSH to communicate with your router.

Here is a link for more info.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/sshv1.htm
(watch the wrap)

HTH,
AQ

At 03:47 AM 1/3/01, Piatnitchi Cristian wrote:
>Hi all
>
>I intend to set up TACACS+ authentication for all our network devices and
>I need to understand the following question:
>
>Is the telnet authentication sequence encrypted? I am asking about the
>situation when the net. device is set up to work with TACACS+.
>If it isn't, what should I do to have a secure connection during the
>authentication phase?
>
>I have to say that I use an IP connection, not PPP. (It's just a simple
>Telnet session from our internal LAN.)
>
>In my opinion it is not a secure session, but I would like it to be a secure
>one and I don't know how to set it.
>I will be waiting for your advice.
>
>Thanks in advance
>Cristian
>
>


**
  Adam Quiggle
  Senior Network Engineer
  MCI Worldcom/NOC/BP Amoco
  [EMAIL PROTECTED]
**




RE: TACACS and Telnet

2001-01-03 Thread Piatnitchi Cristian

Hi Adam

Thanks for the link. Now the question is clear for me.
Yes, it is true SSH is supported starting with IOS 12, but IOS 12.1, not
IOS 12.0.
Is the upgrade free from a version to a higher one? I mean from 12.0 to 12.1?

Thanks for help.
Cristian


-Original Message-
From: Adam Quiggle [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2001 11:22 AM
To: Piatnitchi Cristian; '[EMAIL PROTECTED]'
Subject: Re: TACACS and Telnet


Cristian,

Good question!  No, your telnet session is not secure.  When
you type in your password you are sending it across the network
in clear text.  However, the session that is used between your
router and the TACACS server is encrypted using the shared key
that you define when you set up TACACS.

If you want secure communications using a telnet-like session
you will have to use SSH.  I believe it was implemented in IOS 12.0,
but I could be wrong.  Just remember that you will have to have
an SSH client in order to use SSH to communicate with your router.

Here is a link for more info.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/sshv1.htm
(watch the wrap)

HTH,
AQ

At 03:47 AM 1/3/01, Piatnitchi Cristian wrote:
>Hi all
>
>I intend to set up TACACS+ authentication for all our network devices and
>I need to understand the following question:
>
>Is the telnet authentication sequence encrypted? I am asking about the
>situation when the net. device is set up to work with TACACS+.
>If it isn't, what should I do to have a secure connection during the
>authentication phase?
>
>I have to say that I use an IP connection, not PPP. (It's just a simple
>Telnet session from our internal LAN.)
>
>In my opinion it is not a secure session, but I would like it to be a secure
>one and I don't know how to set it.
>I will be waiting for your advice.
>
>Thanks in advance
>Cristian
>
>


**
  Adam Quiggle
  Senior Network Engineer
  MCI Worldcom/NOC/BP Amoco
  [EMAIL PROTECTED]
**




Re: TACACS and Telnet

2001-01-03 Thread Adam Quiggle

Cristian,

Good question!  No, your telnet session is not secure.  When
you type in your password you are sending it across the network
in clear text.  However, the session that is used between your
router and the TACACS server is encrypted using the shared key
that you define when you set up TACACS.

If you want secure communications using a telnet-like session
you will have to use SSH.  I believe it was implemented in IOS 12.0,
but I could be wrong.  Just remember that you will have to have
an SSH client in order to use SSH to communicate with your router.

Here is a link for more info.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/sshv1.htm
(watch the wrap)

HTH,
AQ

At 03:47 AM 1/3/01, Piatnitchi Cristian wrote:
>Hi all
>
>I intend to set up TACACS+ authentication for all our network devices and
>I need to understand the following question:
>
>Is the telnet authentication sequence encrypted? I am asking about the
>situation when the net. device is set up to work with TACACS+.
>If it isn't, what should I do to have a secure connection during the
>authentication phase?
>
>I have to say that I use an IP connection, not PPP. (It's just a simple
>Telnet session from our internal LAN.)
>
>In my opinion it is not a secure session, but I would like it to be a secure
>one and I don't know how to set it.
>I will be waiting for your advice.
>
>Thanks in advance
>Cristian
>
>


**
  Adam Quiggle
  Senior Network Engineer
  MCI Worldcom/NOC/BP Amoco
  [EMAIL PROTECTED]
**
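
Added example (not part of the post above and not Cisco code): the two legs described in the reply, side by side. The router-to-server leg uses the TACACS+ body protection keyed by the shared key, written here from the MD5 pad in RFC 8907 (which the RFC calls obfuscation); the Telnet leg carries the typed bytes unchanged. The key, password, session id and the opaque body are constructed sample values.

```python
import hashlib
import struct

HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length
TAC_PLUS_UNENCRYPTED_FLAG = 0x01


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain: MD5_1 = MD5(session_id | key | version | seq_no),
    MD5_n = MD5(same fields | MD5_(n-1)), truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """XOR with the pad; the same call obscures and recovers the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body, session_id, key, seq_no, version=0xC0, pkt_type=0x01):
    """Router -> TACACS+ server: clear 12-byte header, obscured body."""
    header = HEADER.pack(version, pkt_type, seq_no, 0, session_id, len(body))
    return header + xor_body(body, session_id, key, version, seq_no)


def read_packet(packet, key):
    """Server side: recover the body using the locally configured key."""
    version, _type, seq_no, flags, session_id, length = HEADER.unpack(packet[:12])
    body = packet[12:12 + length]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body  # sender marked the body as not obscured
    return xor_body(body, session_id, key, version, seq_no)


def telnet_leg(password):
    """Admin -> router over Telnet: the typed bytes go out unchanged."""
    return password + b"\r\n"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    key, password, sid = b"constructed-shared-key", b"constructed-password", 0x1234ABCD
    pkt = build_packet(password, sid, key, seq_no=1)
    print("telnet leg  :", telnet_leg(password))
    print("tacacs+ leg :", pkt.hex())
    print("right key   :", read_packet(pkt, key))
    print("wrong key   :", read_packet(pkt, b"some-other-key"))
```

The header, including the session id, stays readable on the wire; only the body depends on the shared key, and nothing in this scheme covers the Telnet leg.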
