[c-nsp] TACACS+ best practices

Affan Basalamah affanzbasalamah at gmail.com
Mon Apr 24 13:06:16 EDT 2006


Hi all,

Our network wants to deploy tacplus-based user auth for all our Cisco
routers. I have read all the documentation and configuration
examples, and I feel ready for deployment, but I still want to know
a few things about tacplus:

1. I used the free tacplus version from Cisco, installed from FreeBSD ports.
2. I configured user properties in tacplus.conf, and use DES
encryption for user passwords. Do I have better alternatives for
passwd encryption, say an MD5 hash?
3. I want to configure a redundant tacplus server, synchronized with
a simple script.

With that configuration, is our setup still vulnerable to
hackers/kiddies who want to get access to my router? FYI I have
configured the router with ACLs for SNMP and telnet/SSH, and followed
Cisco security recommendations (Cymru and Cisco Press books).

-affan


