Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ABOVE.NET SECURITY TRUTHS?

  • From: Alec H. Peterson
  • Date: Sun Apr 30 10:39:21 2000

Hank Nussbacher wrote:
> 
> TACACS encryption won't help if you follow the Cisco Essential IOS Features
> (v 2.82 - Feb 18, 2000).  On page 45 they discuss router command auditing
> and recommend:
> 
> aaa accounting command 15 start-stop tacacs+
> 
> Unfortunately, this will log in your syslog the password commands in
> cleartext.  You would have to be sure that the Unix/NT system you are
> logging all Cisco commands to is as secure as your router.  How many of you
> run ISS/Cybercop/Netrecon scans every week on your logging servers to be
> sure they are secure?

Hrm, that's odd, since I was using TACACS+ accounting a while ago (that
exact command actually) and it never logged any passwords that I entered...

Alec

-- 
Alec H. Peterson - ahp@hilander.com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.