IP HTTPS Secure-Server

Aaron.Pittenger
Level 1

Hey everyone,

I'm looking for any 'official' Cisco documentation recommending for/against enabling IP HTTP Secure-Server (not IP HTTP server).

I have a bunch of network switches at a customer site that need mapped and documented. They are on an internal network (not internet facing) and are currently only accessible via SSH. I'd like to use Cisco Network Assistant to help with the effort, but my customer is hesitant to enable HTTP Secure-Server due to security concerns. I am looking for documentation to support/refute this.

Thanks,
Aaron

1 Accepted Solution

Marvin Rhoads
Hall of Fame

In their device hardening guide, Cisco recommends secure management sessions as follows (emphasis added):

Encrypt Management Sessions

Because information can be disclosed in an interactive management session, this traffic must be encrypted so that a malicious user cannot gain access to the data that is transmitted. Traffic encryption allows a secure remote access connection to the device. If the traffic for a management session is sent over the network in cleartext, an attacker can obtain sensitive information about the device and the network.

An administrator is able to establish an encrypted and secure remote access management connection to a device with the SSH or HTTPS (Secure Hypertext Transfer Protocol) features. Cisco IOS software supports SSH Version 1.0 (SSHv1), SSH Version 2.0 (SSHv2), and HTTPS that uses Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for authentication and data encryption. SSHv1 and SSHv2 are not compatible. SSHv1 is insecure and not standardized, so it is not recommended if SSHv2 is an option.

Source: http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html#anc34
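
As an added example (not part of the thread or of Cisco's guide), the Python check below applies the quoted guidance to a saved running-config: it flags the cleartext `ip http server`, SSH that is not pinned to SSHv2, and telnet on vty lines, and reports whether `ip http secure-server` is on. Both sample configs are constructed, and treating a missing `ip ssh version 2` as a finding is this example's assumption.

```python
# Added example: audit a saved Cisco IOS running-config for cleartext management.
# Both sample configs are constructed for illustration, not captured from a device.

WEAK_CONFIG = """
hostname sw-access-01
ip http server
ip http secure-server
!
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

HARDENED_CONFIG = """
hostname sw-access-01
no ip http server
ip http secure-server
ip ssh version 2
!
line vty 0 4
 transport input ssh
"""

def https_enabled(config: str) -> bool:
    """True when the encrypted web server (ip http secure-server) is on."""
    return any(ln.strip() == "ip http secure-server" for ln in config.splitlines())

def audit_mgmt_plane(config: str) -> list[str]:
    """Return findings for management access that is not encrypted."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    top_level = {ln for ln in lines if ln and not ln.startswith(" ")}
    findings = []
    if "ip http server" in top_level:  # exact match, so "no ip http server" passes
        findings.append("cleartext HTTP enabled: ip http server")
    if "ip ssh version 2" not in top_level:
        findings.append("SSH not pinned to SSHv2: ip ssh version 2 missing")
    vty = None  # current 'line vty' block; its sub-commands are indented
    for ln in lines:
        if not ln.startswith(" "):
            vty = ln if ln.startswith("line vty") else None
        elif vty and ln.split()[:2] == ["transport", "input"]:
            if {"telnet", "all"} & set(ln.split()[2:]):
                findings.append(f"telnet allowed on {vty}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "https:", https_enabled(cfg), audit_mgmt_plane(cfg))
```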

2 Replies

Aaron.Pittenger
Level 1

Thank you again Marvin! Exactly what I needed - I just couldn't find it.