Popular Posts

Monday 22 February 2010

How to Configuring Banner Messages on Cisco Router

This blog is created for network security review, study and understanding about network related issues only! The blog is mainly focus on Network Security Notes about Network, Network Security, Network Technology, Network Labs review related Cisco and Microsoft technology ,Network Threats, Types of Network Threats, Network Alerts, Enterprise Security Policy and Audits, Security Policy and Audits,Logical Security, Physical and Logical Security, Physical Security,Cisco Products Review, Microsoft Products review, Cisco Routers, Routers Security, Console Access, Telnet Access, Network Attack, Network Attack report, Network management, Anti-virus, Network Security with Anti-virus, and All About Network Security... Thanks for your visit!

My Previous Post: About How to Configuring Password Encryption on Cisco Router
This post: About How to Configuring Banner Messages on Cisco Router:

There are four types of banner messages:


---> Message of the Day (MOTD): Displayed at login. Useful for sending messages that affect all network users.
---> Login: Displayed after the Message of the Day banner appears and before the login
prompts.
---> EXEC: Displayed whenever an EXEC process is initiated.
---> Incoming: Displayed on terminals connected to reverse Telnet lines.

The process for configuring banner messages is fairly simple. Enter the following command in global configuration mode:

banner {exec|motd|login|incoming} [delimited character] –
[delimited character]


Here is a sample MOTD banner:

CiscoRouter#config t
Enter configuration commands, one per line. End with CNTL/Z.
CiscoRouter(config)#banner motd #
Enter TEXT message. End with the character '#'.
*****************************************************
* WARNING...WARNING...WARNING...WARNING
* YOU HAVE ACCESSED A RESTRICTED DEVICE
* USE OF THIS DEVICE WITHOUT PRIOR AUTHORIZATION
* OR FOR PURPOSES WHICH AUTHORIZATION HAS NOT BEEN
* GRANTED IS STRICTLY PROHIBITED!!!
*****************************************************
#
CiscoRouter(config)#end
CiscoRouter#


The results of setting the MOTD banner message can be seen by using the show running−config command or by logging into the router. The following is an example of logging into the router from the console port:

CiscoRouter con0 is now available
......
Press RETURN to get started.
......
******************************************************
* WARNING...WARNING...WARNING...WARNING
* YOU HAVE ACCESSED A RESTRICTED DEVICE
* USE OF THIS DEVICE WITHOUT PRIOR AUTHORIZATION
* OR FOR PURPOSES WHICH AUTHORIZATION HAS NOT BEEN
* GRANTED IS STRICTLY PROHIBITED!!!
******************************************************
CiscoRouter>


EXEC banner messages, as mentioned earlier, are invoked when a user attempts to gain access into privileged mode. Industry−standard best practices recommend configuring a MOTD banner message as well as an EXEC banner message. Working still on the same router, here's how to configure an EXEC banner to complement the MOTD banner. This can be accomplished using the following configuration:

CiscoRouter#config t
Enter configuration commands, one per line. End with CNTL/Z.
CiscoRouter(config)#banner exec #
Enter TEXT message. End with the character '#'.
*******************************************************
* WARNING...WARNING...WARNING...WARNING
* THIS IS A REMINDER...THIS IS A REMINDER
* YOU HAVE ACCESSED A RESTRICTED DEVICE
* USE OF THIS DEVICE WITHOUT PRIOR AUTHORIZATION
* OR FOR PURPOSES WHICH AUTHORIZATION HAS NOT BEEN
* GRANTED IS STRICTLY PROHIBITED!!!
*******************************************************
#
CiscoRouter(config)#end
CiscoRouter#


The results of setting the EXEC message can be seen by using the show running−config
command or by using the telnet command to remotely connect to a router with the EXEC banner enabled. The results of configuring both the MOTD banner and the EXEC banner can be seen here:

R1#telnet 192.168.10.1
Trying 192.168.10.1 ... Open
*******************************************************
* WARNING...WARNING...WARNING...WARNING
* YOU HAVE ACCESSED A RESTRICTED DEVICE
* USE OF THIS DEVICE WITHOUT PRIOR AUTHORIZATION
* OR FOR PURPOSES WHICH AUTHORIZATION HAS NOT BEEN
* GRANTED IS STRICTLY PROHIBITED!!!
23
*******************************************************
User Access Verification
Username: Visa
Password:
*******************************************************
* WARNING...WARNING...WARNING...WARNING
* THIS IS A REMINDER...THIS IS A REMINDER
* YOU HAVE ACCESSED A RESTRICTED DEVICE
* USE OF THIS DEVICE WITHOUT PRIOR AUTHORIZATION
* OR FOR PURPOSES WHICH AUTHORIZATION HAS NOT BEEN
* GRANTED IS STRICTLY PROHIBITED!!!
*******************************************************
CiscoRouter>en
Password:
CiscoRouter#


Notice that the EXEC banner is displayed after the user has passed the local authentication phase on the router.

Read more...

If you like this post, please subscribe below,thanks!

Enter your email address:

Delivered by FeedBurner

To Stay Up to date with Network Security, Please Subscribe!

Monday 8 February 2010

How to Configuring Password Encryption

This blog is created for network security review, study and understanding about network related issues only! The blog is mainly focus on Network Security Notes about Network, Network Security, Network Technology, Network Labs review related Cisco and Microsoft technology ,Network Threats, Types of Network Threats, Network Alerts, Enterprise Security Policy and Audits, Security Policy and Audits,Logical Security, Physical and Logical Security, Physical Security,Cisco Products Review, Microsoft Products review, Cisco Routers, Routers Security, Console Access, Telnet Access, Network Attack, Network Attack report, Network management, Anti-virus, Network Security with Anti-virus, and All About Network Security... Thanks for your visit!

As my previous post about How to Configure Privilege Levels for Users on Cisco Router.
Today this post I'd like to show you how to configure Password Encryption on Cisco Router.

Well, It's relatively simple to configure password encryption on Cisco routers. When password encryption is configured, all passwords that are configured on the router are converted to an unsophisticated reversible cipher. Although the algorithm that is used to convert the passwords is somewhat unsophisticated, it still serves a very good purpose. Intruders cannot simply view the password in plain text and know what the password is. To enable the use of password encryption, use the command service password−encryption.

The following example shows a router configuration prior to enabling password encryption. An enable password, a console password, and a Telnet password is configured:

CiscoRouter#show running−config
!
enable password Cisco
!
line con 0
password NetVisa
!
line vty 0 4
password Security
!

The following example shows the command you would use to enable password encryption on the router:

CiscoRouter#config t
Enter configuration commands, one per line. End with CNTL/Z.
CiscoRouter(config)#service password−encryption
CiscoRouter(config)#end
CiscoRouter#
The results of enabling password encryption can be seen in the following example. Notice that each
password is now represented by a string of letters and numbers, which represents the encrypted format of the password:

CiscoRouter#show running−config
!
enable password 7 05280F1C2243
!
line con 0
password 7 04750E12182E5E45001702
!
line vty 0 4
password 7 122A00140719051033
!


Note: Password encryption does not provide a very high level of security. There are widely available passwords crackers that can reverse the encryption. I do, however, recommend using the password encryption command on all routers. I also recommend that you take additional security measures to protect your passwords.

Read more...

If you like this post, please subscribe below,thanks!

Enter your email address:

Delivered by FeedBurner

To Stay Up to date with Network Security, Please Subscribe!