As a network professional once you must be familiar with how to secure the Cisco Devices (router and switches) in possible ways either it is console-based, enable password, enable security or router auxiliary password. When the devices are to be accessed remotely it is required to configure Line password, while console password is required when the device is to be accessed through the console, keep in mind the first time devices are accessed through the console.
Setting a password on a network device should be the fundamental aim, not only a password but it should be a very strong password consisting of both alpha-numeric values and symbols.
In order to configure the console password, use the following command.
Encrypting the password
Remember that by default CISCO devices did not encrypt the password and in case someone gets access to router configuration file all the password can be seen. In order to encrypt the password, use the following command in configuration mode.
Router # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
How to protect the auxiliary port
The auxiliary port is used for connecting the device to an external modem, it is used to get dial-in access to the router, in order to protect the auxiliary port, use the following command.
Router# configure terminal
Router(config)#line aux 0
Router(config-line) #password C!SCO
How to protect VTY ports (Telnet ports)
VTY lines are virtual terminal lines that are being used to access the router remotely either through telnet or SSH. The Cisco router has sixteen (0-15) VTY lines enabling the 16 concurrent connection to be established.
How to protect privileged mode
Privilege password is used in order to protect access to privileged mode.
As the best security measure enables password command should not be used the reason behind it is that it used vigenere Cipher (a very simple algorithm) that can be cracked very easily.
If you are creating users do not use the command R1(config)# username abc password C! SC0 rather use R1(config)#username ABC secret C! SC0.
Enable secret provides better security as the password is encrypted by using the level-5 irreversible algorithm like MD5.
Timeout for router-lines
to logout, the user from in-active line either from the console, auxiliary, or VTY the timeout for the line can be configured “exec-timeout minute second” command will terminate the in-active connection.
Router(config)#line vty 0 5
Router(config-line)#exec-timeout 5 20
Download How to Configure Password on Cisco Devices? in pdf – Click here