Console and VTY
Because the "service password-encryption" is not set on RouterA, so the password to access privileged mode (via the command "enable password cisco") is unencrypted. Also, the password for VTY is unencrypted (notice that the password "cis@clr!" is unencrypted).
The banner is not appropriate and provides information on the router, which can be considered as a security threat. The banner login, is supposed to be a permanent "do not enter if you dont belong message".
In the line vty 0 4? configuration, the password is not encrypted.
a. We can telnet from line 0 to line 4 (line vty 0 4).
b. We can use both telnet and SSH to connect to this router.
c. By default, the timeout is set to 10 minutes on both the console and the vty ports.
d. NAT Console password is not encrypted.
a. Privilege mode on RouterA is protected with unencrypted password (via "enable password" command)
b. It is the default exec time-out.
c. The password of VTY lines is configured in plain text. It is a good practice to encrypt passwords.
d. The config command username cisuser privilege 15 password 0 Cisco enables one to enter highest privileged mode. This may be a security risk. It is recommended to configure multiple levels of privileges.
Each Telnet port is known as a virtual terminal. There are a maximum of five virtual terminal (VTY) ports, allowing five concurrent Telnet sessions. Please note that the communication server provides more VTY ports. The virtual terminal ports are numbered from 0 through 4.
The console and auxiliary ports on Cisco IOS routers and switches are asynchronous serial ports and use asynchronous protocols such as PPP, SLIP, and ARA.
The Cisco router can be configured from many locations.
1. Console port: During the initial installation, you configure the router from a console terminal connected to the "Console port" of the router.
2. Virtual Terminals (vty): A virtual terminal (vty) is typically accessed through Telnet. A router can be accessed through vty after the initial installation in the network. There are five virtual terminals, namely, vty0,vty1,vty2,vty3,vty4.
3. Auxiliary Port: you can configure a router through auxiliary port. Typically, a modem is used to configure the modem through aux port.
4. TFTP Server: Configuration information can be downloaded from a TFTP server over the network.
5. NMS (Network Management Station): You can also manage router configuration through NMS such as CiscoWorks or HP OpenView.
The auxiliary password is used to set the password for the auxiliary port.
Assuming that you are at # prompt, the sequence of commands are:
RouterA(config)#line aux 0
Now you are set with a password <password>. Type "<ctrl>Z " to take you to the # prompt or "exit" to go back to global configuration "RouterA(config)#" prompt.
Telnet, HTTP, HTTPS, SSH, SCP,TFTP
Telnet is a terminal emulation program for TCP/IP networks such as the Internet. The Telnet program runs on your computer and connects your PC to a server on the network. You can then enter commands through the Telnet program and they will be executed as if you were entering them directly on the server console. This enables you to control the server and communicate with other servers on the network. To start a Telnet session, you must log in to a server by entering a valid username and password. Telnet is a common way to remotely control Web servers.
FTP is the abbreviation of File Transfer Protocol, the protocol used on the Internet for sending files.
SSH (Secure SHell) is a protocol for remotely logging into a machine via a shell. It is very similar in functionality to telnet, however unlike telnet, all data between the client and server is encrypted.
SCP is Secure CoPy, a protocol to allow you to transmit files from one machine to another with the encryption benefits of SSH. Most SSH clients include SCP capability. In the future, we will be disabling FTP due to the same security problems as telnet, and at that time SCP will be one way for you to transfer files between machines. When we get closer to disabling FTP, more information on this will be made available.
TFTP can be used to download configuration files. However, note that TFTP (Trivial File Transfer Protocol) is known as unreliable protocol since it does not incorporate any error correction and packet sequencing. TFTP does not use passwords and hence considered insecure.