[liberationtech] Question re Cisco auth and remote login best-practices
Paul Ferguson
fergdawgster at mykolab.com
Sun Sep 22 22:38:47 PDT 2013
On 9/22/2013 10:32 PM, Bill Woodcock wrote:
>
> So, if we assume the worst, and figure we're just doing damage-control and minimizing a large problem, what are the best-practices to follow in configuring Cisco routers in remote locations?
>
> Generate max-length (4096-bit?) RSA keys on them, for the SSH sessions…
>
> Use remote auth to do command-by-command authorization, no level-15 logins?
>
> Run TACACS over IPsec? Over something else?
>
Locally trusted human. :-)
- ferg
--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington USA
IID --> "Connect and Collaborate" --> www.internetidentity.com