What access mode of command line interface will be more suitable to perform remote configurations on the router in secure manners?
Network infrastructure devices often provide a range of different access mechanisms, including console and asynchronous connections, as well as remote access based on protocols such as Telnet, rlogin, HTTP, and SSH. Some mechanisms are typically enabled by default with minimal security associated with them; for example, Cisco IOS software-based platforms are shipped with console and modem access enabled by default. For this reason, each infrastructure device should be carefully reviewed and configured to ensure only supported access mechanisms are enabled and that they are properly secured.
The key steps to securing both interactive and management access to an infrastructure device are:
• Restrict Device Accessibility
Limit the accessible ports, restrict the permitted communicators and restrict the permitted methods of access.
• Present Legal Notification
Display legal notice, developed in conjunction with company legal counsel, for interactive sessions.
• Authenticate Access
Ensure access is only granted to authenticated users, groups, and services.
• Authorize Actions
Restrict the actions and views permitted by any particular user, group, or service.
• Ensure the Confidentiality of Data
Protect locally stored sensitive data from viewing and copying. Consider the vulnerability of data in transit over a communication channel to sniffing, session hijacking and man-in-the-middle (MITM) attacks.
• Log and Account for all Access
Record who accessed the device, what occurred, and when for auditing purposes.