Network security can be tricky sometimes. You always want to follow best practices and ensure that those evil network hackers stay out of your beautiful network. But many times you find that those same tactics you’ve used for keeping out the Riff-Raff has also locked you out of your own devices.
Network Security isn’t just about access
Security on your routers or switches doesn’t mean just the log in’s. There are multiple areas that you need to make sure are secured on your router or switch:
- Authentication for access
- Authentication for routing protocols (neighbors)
- Authentication for VTP (VTP passwords)
- Authentication for tacacs (AAA)
- Authentication for tunnels (shared keys)
just to name a few…
All of these can make you want to pull your hair out if they don’t work.
I can’t help you with your own internal network security policies but I can offer a few tips when setting up key exchanges that may help cut down on the number of simple mistakes made when securing your network devices.
Network Security for Padawan Learners
Its very common for many engineers (both systems and network) to create passwords for their devices they manage. Often times they try to make them more memorable by taking a word and changing the spelling to replace similar letter shapes with other characters of the same shape. This is also known as l33t speak. For example, replacing the letter “s” with a number “5” or a “$” .
The real human issue comes when an engineer decides to replace a letter with another character that can some tmes be impossible to tell from the original. For example replacing the letter “o” with the number “0” (zero) or replace a lower case “l” with a number “1” (one) or a capital letter “I”. Depending on the font you are using, these characters can be indistinguishable from each other.
As Obi Wan once said to Luke – “Your eyes can deceive you; don’t trust them.”
Here’s an exercise to see if you can tell how these are spelled differently:
One example above uses a zero the other uses a letter o.
I’ve actually run into this exact scenario before and it sucked. Try not to use similar characters or characters that are so similar you can’t tell them apart.
Another common sense tip is don’t use spaces. The password “Cisco” and the password “Cisco ” are completely different but will look exactly the same in your console.
These are some common sense tips for network security that you would think people would know better, but believe it or not, these issues are still very common.