Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
280
Views
0
Helpful
4
Replies

which two of the three method allow you to avoid eavesdropping traffic when you are managing device

Tagir Temirgaliyev
Spotlight
Spotlight

‎01-27-2017 12:28 AM - edited ‎03-12-2019 01:50 AM

ssh

oob

snmpv3

I really can not understatnd

Labels:
0 Helpful
4 Replies 4

Pulkit Saxena
Cisco Employee
Cisco Employee

‎01-27-2017 01:20 AM

Tagir,

Any such way of management which is encrypted will help in avoiding eavesdropping.

a) SSH is encrypted and is a good option, and that is why preferred over telnet.

b) OOB depend what kind of management it is, usually it is also using SSL so secure for example, CSM.

c) SNMPv3 ideally has the encryption feature, so we can even go for that.

Overall, I would say it depends from network to network and our requirement to use the correct option.

-

Pulkit

0 Helpful

Tagir Temirgaliyev
Spotlight
Spotlight
In response to Pulkit Saxena

‎01-27-2017 03:19 AM

Thank you Pulkit,

b) OOB usually (serial) rollower cable from laptop to consol port of device.

I really can not understatnd 

which two of the these three methods allow you to avoid eavesdropping traffic when you are managing device

0 Helpful

Pulkit Saxena
Cisco Employee
Cisco Employee
In response to Tagir Temirgaliyev

‎01-27-2017 03:48 AM

Tagir,

By OOB, i though you meant third party management devices, however, serial/console is fine as cable is connected directly, between laptop and the device. So no one can sniff in.

However, it is always good to use management options which are encrypted, like SSH and even SNMPv3.

Console can always act as the backup option, if in case if we loose remote access.

-

Pulkit

Please rate helpful posts. 

0 Helpful

Karsten Iwen
VIP
VIP

‎01-29-2017 03:27 AM

Is it for an exam? I would consider all three answers correct:

  • ssh: uses encryption to protect the data
  • snmp v3: doesn't encrypt the data by default, but when choosing the "priv" mode, it is also encrypted.
  • oob: Using an OOB connection to the device doesn't say anything about the encryption. It still could be unencrypted like telnet. But OOB typically assumes that there is a dedicated network that can't be accessed by the attacker. If you take this assumption as true, you are protected against eavesdropping. But typically you would also use cryptographically protected communication through an OOB-connection.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card