Cisco Device Security Flashcards
What mode is this in?
hostname#
Privileged Exec Mode
What mode is this in?
hostname>
User Exec Mode
What mode is this in?
hostname(config)#
Global Configuration Mode
What three different levels are there for basic line level security?
- Console
- Virtual Terminal (VTY)
- Privileged Exec Mode
What line number is the console always at?
0
What is a basic Telnet Configuration?
- Switch(config)#int vlan 1 (You can use a different management VLAN here if you want)
- Switch(config-if)#ip address {ip-address} {subnet}
- Switch(config-if)#no shutdown
- Switch(config-if)#exit
- Switch(config)#ip default-gateway {default-gateway-address}
- R1(config)#line vty 0 15
- R1(config-line)#password {password}
- R1(config-line)#login
What is the default inactivity timeout for administrators on Cisco Devices?
10 minutes
How would you configure a timeout to not be enforced?
no exec-timeout
How would you configure a timeout of 15 minutes and 30 seconds?
exec-timeout 15 30
What configuration can you use to control who gets access to Telnet and SSH Sessions?
- R1(config)#access-list 1 permit host 10.0.0.10
- R1(config)#line vty 0 15
- R1(config-line)#login
- R1(config-line)#password {password}
- R1(config-line)#access-class 1 in
What command can you use to ensure that all passwords are encrypted and not in plain text?
service password-encryption
How would you configure a Telnet session to use individual usernames and passwords instead of a generic global one?
- R1(config)#username {username} secret {password} (This sets the username and password, which we’ll use below when we invoke login local)
- R1(config)#line console 0
- R1(config-line)#login local
- R1(config)#line vty 0 15
- R1(config-line)#login local
How many privilege levels of admin access are there on Cisco devices?
16 (0-15)
By default, what 3 levels of privilege are used?
Zero
User
Privileged
What does zero-level access provide?
5 commands only (logout, enable, disable, help and exit)
What does User Level 1 access provide?
Very limited read only access to the device
What does privilege level 15 provide?
Complete control over the device
What level of access would this command have?
R1(config)#username {username} secret {secret}
Level 1 Access
How do you enable SSH?
- R1(config)#ip domain-name {domain-name}
- R1(config)#crypto key generate rsa
How do you configure SSH after enabling it?
- R1(config)#line vty 0 15
- R1(config-line)#transport input ssh
- R1(config-line)#login local
- R1(config)#ip ssh version 2
What is the command from a CMD prompt to log in via SSH?
ssh -l {username} {ip-address}
What does AAA stand for?
Authentication, Authorization and Accounting
What is Cisco’s AAA Server called?
ISE (Identity Services Engine)
Commonly used for end user level services, such as VPN
RADIUS