Thursday, July 17, 2014

Cisco Configuration Cheat Sheet - Part 2: More security

 h/t Omar Noory
Security is important (no, critical) to the success of a network. The cartoon on the right is the first image macro stating what is now known as an axiom of Internet life:
"Haters gonna hate"
The phrase is used to dismiss hateful speech (often called trolling) on the Internet, especially in anonymous forums. But its implications go much further. More people connected to the Internet means greater diversity and flow of ideas and possibly greater democracy. It also means a greater diversity of bad behavior like trolling and hacking. People who have been into computers for a long time wish for the old days when everyone on the Internet could be trusted. Those days are gone and that's for the better.

The complexity of networks makes them resemble living things. Like living things they are constantly under threat and those threats will test their defenses and adapt. Networks, therefore, must be adaptable, resilient and self-healing. Our bodies have developed immunity to viruses in order to preserve our lives and our genes, but the defense isn't perfect and, as we now know, viruses are key drivers of human evolution. Without the viruses (and the damage they cause) we would not grow. That's true for networks, too.

So in celebration of hackers, here's something you can do to keep them out. Keep your sessions secure by doing some basic configuration:

// Make sure passwords are good passwords
// (8 is not enough!)
(config)# security passwords min-length 12

// Don't let people guess at will or they 
// will use automated bots to guess
(config)# login block-for 120 attempts 3 within 60

// Logout after a while so someone can't hijack your 
// terminal while you're at lunch
(config)# line vty 0 15
(config-line)# exec-timeout 10 
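
To confirm these settings actually landed on a device, here is an added example (not part of the original post): a short Python check that audits a saved running-config for the three commands above. The sample config is constructed, the thresholds mirror the values in this post, and the check assumes IOS leaves the default exec-timeout of 10 minutes out of the running-config.

```python
import re

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
security passwords min-length 8
!
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 10 0
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 transport input ssh
"""

def audit(config, min_len=12, max_idle_min=10):
    """Return a list of findings for the three settings covered in this post."""
    findings = []
    m = re.search(r"^security passwords min-length (\d+)", config, re.M)
    if not m:
        findings.append("password min-length not set")
    elif int(m.group(1)) < min_len:
        findings.append(f"password min-length {m.group(1)} < {min_len}")
    if not re.search(r"^login block-for \d+ attempts \d+ within \d+", config, re.M):
        findings.append("login block-for not set")
    # Walk the config; sub-commands of a 'line vty' block are indented.
    vty, timeouts = None, {}
    for line in config.splitlines():
        if not line.startswith(" "):
            vty = line.strip() if line.startswith("line vty") else None
            if vty:
                timeouts[vty] = (10, 0)  # assumed IOS default when none is shown
        elif vty:
            t = re.match(r"\s+exec-timeout (\d+)(?: (\d+))?", line)
            if t:
                timeouts[vty] = (int(t.group(1)), int(t.group(2) or 0))
    for name, (mins, secs) in timeouts.items():
        idle = mins * 60 + secs
        if idle == 0:
            findings.append(f"{name}: exec-timeout disabled (0 0)")
        elif idle > max_idle_min * 60:
            findings.append(f"{name}: exec-timeout {mins}m{secs}s > {max_idle_min}m")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Every `line vty` block is checked separately because a running-config often splits the range (for example into 0 4 and 5 15), and a timeout of `0 0` on any one of them leaves those sessions open indefinitely.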




