[28384] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: ABOVE.NET SECURITY TRUTHS?

daemon@ATHENA.MIT.EDU (Alec H. Peterson)
Fri Apr 28 17:11:28 2000

Message-ID: <3909FD5E.48EDEAF5@hilander.com>
Date: Fri, 28 Apr 2000 15:06:38 -0600
From: "Alec H. Peterson" <ahp@hilander.com>
MIME-Version: 1.0
To: Paul Froutan <pfroutan@rackspace.com>
Cc: rmeyer@mhsc.com, nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu

Paul Froutan wrote:
> 
> I don't think you can.  However, I use TACACS on all my switches and
> routers.  From what I know, TACACS passwords are encrypted using the key on
> your network devices and the TACACS server.  So, that, in combination with
> a private management LAN not accessible by your customers should lock down
> your network pretty effectively.  Any comments?

Using TACACS+ with some sort of one-time-passwording works very well.

Alec

-- 
Alec H. Peterson - ahp@hilander.com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[28384] in North American Network Operators' Group

Re: ABOVE.NET SECURITY TRUTHS?

daemon@ATHENA.MIT.EDU (Alec H. Peterson)Fri Apr 28 17:11:28 2000

daemon@ATHENA.MIT.EDU (Alec H. Peterson)
Fri Apr 28 17:11:28 2000