Configuring Internal Cisco Router Security


Network security is a hot topic today, and its importance will continue to grow in the months and years to come.

While the focus is usually on outside threats, there are steps you can take to prevent unwanted access to your Cisco routers from inside your own organization.

Whether you want to limit what some users can do and run on your routers, or prevent unauthorized users inside your organization from entering configuration mode in the first place, here are four simple but important steps to follow.

Encrypt passwords in your current configuration.

This is a basic Cisco router security command that is often overlooked. There is no point in setting passwords for your ISDN or Telnet connections if anyone who can see your router's running configuration can also read the passwords. By default, these passwords are displayed in clear text in your running configuration.

A simple command takes care of this. In global configuration mode, run "service password-encryption". This command will encrypt all clear-text passwords in your running configuration.

Set a password for the console.

If I walked into your network room right now, could I sit down and start configuring your Cisco routers?

If so, you must set a password for the console. This password is a fundamental but important step in limiting access to the routers on your network. Switch to line configuration mode with the "line con 0" command and set a password with the "password" command.

Limit the capabilities of the user with privilege level commands.

Not everyone who has access to your routers should be able to do everything they want. With judicious use of privilege levels, you can limit the commands that users can execute on your routers.

Privilege levels can be a little awkward at first, but with practice, you'll lock down your routers as tightly as you want. Visit for documentation on configuring privilege levels.

Set an "enable secret" password.

It is not uncommon for me to see a router with a password set for enable mode, but in clear text.

By using "enable secret", the enable mode password will be automatically encrypted. Do not forget that if both an enable password and an enable secret are set on the same router, the enable secret takes precedence.

These four basic steps will help prevent unwanted access to your routers from inside your network. If only preventing problems from outside your network were so simple!
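
As an added example (not part of the original article and not Cisco's own tooling), this Python script audits a saved running-config against the four steps above. The sample configuration and the finding names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (sample data, not from a real device).
SAMPLE_CONFIG = """\
no service password-encryption
hostname R1
enable password letmein
username ops privilege 15 password 0 opspass
line con 0
 exec-timeout 10 0
line vty 0 4
 password telnetpass
 login
"""

def line_block(config, header):
    """Return the indented sub-commands under a top-level line such as 'line con 0'."""
    block, inside = [], False
    for raw in config.splitlines():
        if not raw.startswith(" "):
            inside = raw.strip() == header
        elif inside:
            block.append(raw.strip())
    return block

def audit(config):
    """Check a running-config against the article's four steps; return finding names."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    # Step 1: the global password-encryption service must be on.
    if "service password-encryption" not in lines:
        findings.append("no-service-password-encryption")
    # Step 2: the console line needs its own password.
    if not any(c.startswith("password ") for c in line_block(config, "line con 0")):
        findings.append("console-no-password")
    # Step 3: customised privilege levels appear as 'privilege <mode> level <n> ...'.
    if not any(re.match(r"privilege \S+ level \d+ ", l) for l in lines):
        findings.append("no-custom-privilege-levels")
    # Step 4: 'enable secret' should exist; a leftover 'enable password' is weaker.
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append("no-enable-secret")
    if any(l.startswith("enable password ") for l in lines):
        findings.append("enable-password-present")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run it against the output of "show running-config" saved to a file; an empty result means all four steps are reflected in the configuration.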
