tailieunhanh - Router Security Configuration Guide phần 7
Khi SNMPv1 được phát triển, nó đã được ban đầu dự định được một giải pháp ngắn hạn (từ xa) quản lý mạng. Như vậy, nó đã được phát triển một cách nhanh chóng và an ninh mạnh mẽ không phải là một yêu cầu. Tuy nhiên, vì nó là giao thức quản lý mạng duy nhất có sẵn tại thời điểm đó, | Router Security Configuration Guide Here is an example of setting up local username and password and AAA default login authentication parameters. The default method list designates RADIUS Central config username joeadmin password 0 G0oD9pa 8 Central config aaa authentication login default radius local One note about method lists for aaa authentication whatever method is first in the list controls whether the authentication procedure will prompt for a username or not. If the first method in the list is line or enable then any additional method which requires a username will automatically fail. When designing your method lists decide whether to use usernames and passwords preferred or to use just a password highly discouraged . For accounting purposes you should use the methods which allow for usernames and assign each administrator a distinct username. In a more complex scenario where a more limited set of administrators have access to the console line first create the default list. The default list should be for the limited set of administrators should apply to the console line only and should use the local user database. Accounting records can still be sent to the security server but the security server s authorization capabilities can not be used since no authentication records will be sent to the security server. The second list should be a named method list and should be applied to the appropriate lines including VTY lines to allow additional administrators remote access to the router. For the named method list which will primarily use the security server authorization should be used to control the larger set of administrators. The following is a recommended configuration for using a RADIUS security server and the local user database as described above. Central config username annadmin password 0 G oD9pa 8 Central config username joeadmin password 0 3MiaB-JKJ Central config aaa authentication login default local Central config aaa authentication login .
đang nạp các trang xem trước