Home / Configuration Tips / Network Security / Network Security – Your eyes can deceive you; don’t trust them.

Network Security – Your eyes can deceive you; don’t trust them.

network securityNetwork security can be tricky sometimes. You always want to follow best practices and ensure that those evil network hackers stay out of your beautiful network.   But many times you find that those same tactics you’ve used for keeping out the Riff-Raff has also locked you out of your own devices.

Network Security isn’t just about access

Security on your routers or switches doesn’t mean just the log in’s.  There are multiple areas that you need to make sure are secured on your router or switch:

  • Authentication for access
  • Authentication for routing protocols (neighbors)
  • Authentication for VTP (VTP passwords)
  • Authentication for tacacs (AAA)
  • Authentication for tunnels (shared keys)

just to name a few…

All of these can make you want to pull your hair out if they don’t work.

I can’t help you with your own internal network security policies but I can offer a few tips  when setting up key exchanges that may help cut down on the number of simple mistakes made when securing your network devices.

Network Security for Padawan Learners

Its very common for many engineers (both systems and network) to create passwords for their devices they manage. Often times they try to make them more memorable by taking a word and changing the spelling to replace similar letter shapes with other characters of the same shape.  This is also known as l33t speak.   For example, replacing the letter “s” with a number  “5” or a “$” .

The real human issue comes when an engineer decides to replace a letter with another character that can some tmes be impossible to tell from the original. For example replacing the letter “o” with the number “0” (zero) or replace a lower case “l” with a number “1” (one) or a capital letter “I”.  Depending on the font you are using, these characters can be indistinguishable from each other.

As Obi Wan once said to Luke – “Your eyes can deceive you; don’t trust them.”

Here’s an exercise to see if  you can tell how these are spelled differently:

"Cisco"

"Cisc0"

One example above uses a zero the other uses a letter o.

I’ve actually run into this exact scenario before and it sucked.  Try not to use similar characters or characters that are so similar you can’t tell them apart.

Another common sense tip is don’t use spaces. The password “Cisco” and the password “Cisco ” are completely different but will look exactly the same in your console.

These are some common sense tips for network security that you would think people would know better, but believe it or not, these issues are still very common.

About Joe

Senior Network Engineer, technology enthusiast, guitar and bass player. Joe Wilson is the creator of RouterFreak.com as well as other niche websites that can be found around on the Internets.

Check Also

software defined network attacks

9 Types of Software Defined Network attacks and how to protect from them

Article Contents1 Traditional vs. Software-defined Networks2 Software Defined Network attacks3 Nine types of attacks in …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.