North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ABOVE.NET SECURITY TRUTHS?
Hank Nussbacher wrote: > > TACACS encryption won't help if you follow the Cisco Essential IOS Features > (v 2.82 - Feb 18, 2000). On page 45 they discuss router command auditing > and recommend: > > aaa accounting command 15 start-stop tacacs+ > > Unfortunately, this will log in your syslog the password commands in > cleartext. You would have to be sure that the Unix/NT system you are > logging all Cisco commands to is as secure as your router. How many of you > run ISS/Cybercop/Netrecon scans every week on your logging servers to be > sure they are secure? Hrm, that's odd, since I was using TACACS+ accounting a while ago (that exact command actually) and it never logged any passwords that I entered... Alec -- Alec H. Peterson - [email protected] Staff Scientist CenterGate Research Group - http://www.centergate.com "Technology so advanced, even _we_ don't understand it!"
|