11-11-2013 06:58 AM - edited 03-10-2019 12:08 AM
Hi everybody,
I should provide the highest level of security on a C2821-VSEC-CCME/K9. Is it enough to log in through SSH-2 RSA only, 1024, password strength: 8 symbols, no CAPS letters, numbers, special symbols, password example [sdf^&*89]?
line vty 0 4
exec-timeout 60 0
transport input ssh
line vty 5 15
transport input ssh
Should I create a MAC-based access list on the Cisco router?
Should I use login with the highest security level options: SSH-2 RSA only, 2048, password strength: XX symbols, CAPS and small letters, numbers, special symbols, password example [sdf^&*89Ad@#34s_Ds!@27&#]?
Is it paranoia that has nothing to do with real life, or is it recommended practice?
Please advise. Thank you very much.
Accepted Solutions

11-12-2013 03:11 AM
For additional protection, I do this:
access-list 23 permit any log
line vty 0 4
access-class 23 in
line vty 5 15
access-class 23 in
login on-failure log
login on-success log
This will syslog all connection attempts.
archive
log config
logging enable
hidekeys
This will syslog all commands.
SSH itself can be easily decoded in a man-in-the-middle attack.
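
An added example, not written by any poster in this thread and not Cisco code: a short Python check that reads the vty, ACL and logging lines posted above and reports which SSH management controls are present and whether the ACL actually restricts sources. The sample config is constructed from the thread's lines; `ip ssh version 2` is assumed from the question's "SSH-2 only", and the function names are hypothetical.

```python
import re
# Constructed sample: the vty/ACL/logging lines posted in this thread, indented
# as in a running-config. "ip ssh version 2" is assumed from "SSH-2 only".
SAMPLE_CONFIG = """\
ip ssh version 2
login on-failure log
login on-success log
access-list 23 permit any log
line vty 0 4
 access-class 23 in
 exec-timeout 60 0
 transport input ssh
line vty 5 15
 access-class 23 in
 transport input ssh
"""

def parse_vty_blocks(config):
    """Map each 'line vty' range to the list of sub-commands under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+(?: \d+)?)\s*$", raw)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """Return findings about SSH management access (numbered standard ACLs only)."""
    findings = []
    top = [l.rstrip() for l in config.splitlines()]
    # Without the first command, IOS may also accept SSHv1 connections.
    for cmd in ("ip ssh version 2", "login on-failure log", "login on-success log"):
        if cmd not in top:
            findings.append(f"global: '{cmd}' is not configured")
    acls = {}
    for num, action, src in re.findall(r"^access-list (\d+) (permit|deny) (\S+)", config, re.M):
        acls.setdefault(num, []).append((action, src))
    for rng, cmds in parse_vty_blocks(config).items():
        if "transport input ssh" not in cmds:
            findings.append(f"vty {rng}: transport input is not limited to ssh")
        acl = next((c.split()[1] for c in cmds if re.match(r"access-class \S+ in$", c)), None)
        if acl is None:
            findings.append(f"vty {rng}: no inbound access-class")
        elif ("permit", "any") in acls.get(acl, []):
            findings.append(f"vty {rng}: ACL {acl} permits any source, so it logs but does not filter")
    return findings
```

On the sample, `audit(SAMPLE_CONFIG)` returns one finding per vty range for ACL 23; replacing `permit any log` with a permit for the management source range followed by `deny any log` clears them.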

11-11-2013 09:39 PM
Do you want to connect from the LAN or from the Internet?
11-12-2013 12:48 AM
I want to connect from Internet in 95%. Thank you.

11-12-2013 05:01 AM
ttemirgaliyev,
Thank you very much.
These options are really essential:
syslog all connection attempts
syslog all commands
What do you think about a MAC-based access list for SSH login on a Cisco router?
Is it important as well, or should I skip this option?
Thank you very much again.
