Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Question re Cisco auth and remote login.best-practices

Bill Woodcock woody at pch.net
Mon Sep 23 05:07:00 PDT 2013


Doesn't scale until airlines go multicast.  :-)

    
                -Bill


> On Sep 22, 2013, at 22:39, "Paul Ferguson" <fergdawgster at mykolab.com> wrote:
> 
>> On 9/22/2013 10:32 PM, Bill Woodcock wrote:
>> 
>> 
>> So, if we assume the worst, and figure we're just doing damage-control and minimizing a large problem, what are the best-practices to follow in configuring Cisco routers in remote locations?
>> 
>> Generate max-length (4096-bit?) RSA keys on them, for the SSH sessions…
>> 
>> Use remote auth to do command-by-command authorization, no level-15 logins?
>> 
>> Run TACACs over IPsec?  Over something else?
> 
> Locally trusted human. :-)
> 
> - ferg
> 
> 
> 
> -- 
> Paul Ferguson
> Vice President, Threat Intelligence
> Internet Identity, Tacoma, Washington  USA
> IID --> "Connect and Collaborate" --> www.internetidentity.com
> -- 
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.


More information about the liberationtech mailing list