Page 467

Managing Network Devices

427

Control direct access to network equipment. Creating and locking
server and network rooms is only the beginning of your access policy.
You need to buy and install locking racks that stop unauthorized users
or administrators from gaining direct access to hardware.

Secure network links by providing the same type of security for the
wiring and network closets that you provide for the physical devices.

Passwords

Passwords are probably the most important aspect of security on your net-
work. Change your passwords frequently and make sure they are not easy-
to-decipher passwords such as your wife's or husband's name or even the
name of one of your kids. Family names are typically used as passwords
because they are easy to remember. However, people trying to break into
your network or a piece of equipment know this as well.

Because there are many different ways to access and configure Cisco rout-

ers, passwords need to be set on all possible access points. To do this, you
must know what they are. Remember, there are really only two ways to enter
a Cisco router or switch:

Out-of-band management includes the console and auxiliary ports.
Set passwords on both of these physical ports. By default, no pass-
words are set and anyone can connect and manage the devices. "Out-
of-band" comes from "managing the device out of the network."

In-band management includes Telnet, TFTP servers, and Network
Management Stations (NMSs). These access points do not allow
access by default, but passwords should still be applied. "In-band"
comes from "managing the device from within the network."

Setting Router Passwords

There are five types of passwords used to secure your Cisco routers. The first
two set your enable password, which is used to secure privileged mode. This
will prompt a user for a password when the command enable is used. The
other three are used to configure a password when user mode is accessed
through the console port, the auxiliary port, or via Telnet.

www.sybex.com