cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1123
Views
15
Helpful
10
Replies

Cisco 7613 router

asw_25
Level 1
Level 1

Hi,

What are the possible ways to access/configure a router other than CLI?

10 Replies 10

balaji.bandi
Hall of Fame
Hall of Fame

Cisco one of the good product stayed in the market for decades, those days only CLI was the only way to configure.

(CLI - SSH and Console).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Joseph W. Doherty
Hall of Fame
Hall of Fame

A GUI, if supported by the device.  (Unsure a 7613 supports such, as it's considered a "pro's" level [i.e. large Enterprise or SP] device.)

SNMP can also often reconfigure a device too; your 7613 should support that.

We wanted to check whether any malicious attempts can be made by anyone to our router via anyother method bypassing local user/tacacs user. some suspicious activity is happening in our network. But its not logged anywhere.. 

SSH/Telnet, Console, SNMP, compact flash, Smart Install.

ssh/telnet/console access is via ise and SNMP RW also blocked. Is there any other ways that outsiders may come remotely?


@asw_25 wrote:
Is there any other ways that outsiders may come remotely?

Yes.  There are a lot. 

SNMP is the easiest because there are a lot of security vulnerability that a lot of operators conveniently ignore. 

Next, Smart Install is the next.  This was demonstrated when a hacker used SmartInstall against an Iranian power plant several years ago.  

You keep saying "we block SNMP".  Without even telling us what the platform is, who cares?  There are many security vulnerabilities that Cisco publishes regularly.  Some of which has elevated privileges without any authentication.  Read that carefully "elevated privileges without any authentication".  

If you have a backup of the configuration, perform a config difference between the backup config and the latest config.  

And hire a IT Security Officer.

By the the way, have you seen the output to the command "sh history all"?

I do not have much experience with 7613, but I believe that it does have options for http server and for https server. If these are enabled (which I believe is the default) then access might be possible. My impression is that this GUI is not full functional, but might allow some changes to be made. Check your config and if these are enabled then change the config to disable them. If you are not sure post the output of show run | include http.

Depending on how it is configured it is possible that SNMP could make config changes. Check your config for how SNMP is configured (or post the output of show run | include snmp).

HTH

Rick

We have both "no ip http" and "no ip http secure-server" in running config . And snmp RW also not there. Only snmp RO community string exist. 

Ah, dealing with "malicious attempts" is a somewhat different issue from what your OP was inferring (?), i.e. normal/usual/legitimate access methods.

From you later posts, it seems you've taken the "usual" steps to secure your device, but at @Leo Laohoo notes, illegitimate access might be via some security vulnerability.  The latter, though, come in two major groups, those known, with two subgroups, there's a "fix" or "no fix (yet), those unknown (e.g. like zero day exploits).

For known but no fix security vulnerabilities or unknown security vulnerabilities, we can sometime mitigate/preclude both by additionally hardening of the device, such as ACLs on all interfaces that block all traffic to the device (itself, i.e. not transit traffic) except for explicitly approved traffic types from known sources.  The latter might even be further controlled by having totally separate infrastructure that carries such traffic to/from the device, i.e. no mixing of this traffic with "ordinary" in-band transit traffic.

The forgoing possibly won't help to identify how whatever is being done that you suspect is being done, but it might block it.  Further, deep analysis into what is happening, if happening, is not a minor undertaking!  It's difficult enough to further harden a device, correctly, and its continued "care and feeding".

asw_25
Level 1
Level 1

some config changes we are observing , but its not getting captured in syslog/ise

Review Cisco Networking for a $25 gift card