[liberationtech] Question re Cisco auth and remote login.best-practices
Bill Woodcock
woody at pch.net
Mon Sep 23 05:07:00 PDT 2013
Doesn't scale until airlines go multicast. :-)
-Bill
> On Sep 22, 2013, at 22:39, "Paul Ferguson" <fergdawgster at mykolab.com> wrote:
>
>> On 9/22/2013 10:32 PM, Bill Woodcock wrote:
>>
>>
>> So, if we assume the worst, and figure we're just doing damage-control and minimizing a large problem, what are the best-practices to follow in configuring Cisco routers in remote locations?
>>
>> Generate max-length (4096-bit?) RSA keys on them, for the SSH sessions…
>>
>> Use remote auth to do command-by-command authorization, no level-15 logins?
>>
>> Run TACACS over IPsec? Over something else?
>
> Locally trusted human. :-)
>
> - ferg
>
>
>
> --
> Paul Ferguson
> Vice President, Threat Intelligence
> Internet Identity, Tacoma, Washington USA
> IID --> "Connect and Collaborate" --> www.internetidentity.com
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.