[28389] in North American Network Operators' Group
Re: ABOVE.NET SECURITY TRUTHS?
daemon@ATHENA.MIT.EDU (Travis Pugh)
Fri Apr 28 17:35:45 2000
Date: Fri, 28 Apr 2000 17:16:22 -0400 (EDT)
From: Travis Pugh <tpugh@shore.net>
To: "Alec H. Peterson" <ahp@hilander.com>
Cc: Paul Froutan <pfroutan@rackspace.com>, rmeyer@mhsc.com,
nanog@merit.edu
In-Reply-To: <3909FD5E.48EDEAF5@hilander.com>
Message-ID: <Pine.GSO.4.21.0004281713560.13872-100000@stonecoast>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
SecurID and ACE/Server work pretty well.
-travis
On Fri, 28 Apr 2000, Alec H. Peterson wrote:
>
> Paul Froutan wrote:
> >
> > I don't think you can. However, I use TACACS on all my switches and
> > routers. From what I know, TACACS passwords are encrypted using the key on
> > your network devices and the TACACS server. So, that, in combination with
> > a private management LAN not accessible by your customers should lock down
> > your network pretty effectively. Any comments?
>
> Using TACACS+ with some sort of one-time-passwording works very well.
>
> Alec
>
> --
> Alec H. Peterson - ahp@hilander.com
> Staff Scientist
> CenterGate Research Group - http://www.centergate.com
> "Technology so advanced, even _we_ don't understand it!"
>
>
