Disable Telnet... NOW, KID!

Started by deanwebb, March 20, 2017, 03:25:09 PM

Previous topic - Next topic

icecream-guy

Quote from: SimonV on March 22, 2017, 09:08:49 AM

On the Cisco Licensing Portal (www.cisco.com/go/license) you can request for free "K9" encryption licenses. As a requirement, you need to accept and declare that you are not exporting Cisco's product to embargoed destinations and countries designated as supporting terrorist activities. Countries listed in Part 746 of the EAR as embargoed destinations requiring a clearance are Cuba, Iran, North Korea, Sudan, and Syria.

I think that's just for the ASA"s because one cannot telnet into an ASA.
:professorcat:

My Moral Fibers have been cut.

SimonV

#16
This is where I got that quote from:

https://learningnetwork.cisco.com/thread/1914

I'm really not convinced that you have to pay a license fee to get SSH

deanwebb

Quote from: ristau5741 on March 22, 2017, 10:47:00 AM
one cannot telnet into an ASA.


:haha2:

Let an unaccountable third party manage your network for 10 years and you'll see all kinds of ASAs using telnet.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

Quote from: ristau5741 on March 22, 2017, 10:47:00 AM
Quote from: SimonV on March 22, 2017, 09:08:49 AM

On the Cisco Licensing Portal (www.cisco.com/go/license) you can request for free "K9" encryption licenses. As a requirement, you need to accept and declare that you are not exporting Cisco's product to embargoed destinations and countries designated as supporting terrorist activities. Countries listed in Part 746 of the EAR as embargoed destinations requiring a clearance are Cuba, Iran, North Korea, Sudan, and Syria.

I think that's just for the ASA"s because one cannot telnet into an ASA.....

....on the outside interface.

I stand corrected.
:professorcat:

My Moral Fibers have been cut.

NetworkGroover

Quote from: deanwebb on March 22, 2017, 08:31:22 AM
Quote from: AspiringNetworker on March 21, 2017, 04:09:57 PM
They CHARGE to run SSH!?  Sorry it's been a while since I've dealt with anything Cisco.

And yeah, at the time I'm sure it made sense - hopefully now people know it's just a bad idea and maybe you should spend the extra $$$.  Or just accept the risk.

We'll accept the risk.

Wow, that was much easier on the budget than paying for security. Anywhere else we can accept some risk?

:oracle:

;D ;D ;D ;D ;D ;D

You sir, are ready for a highly-paid CFO position.
Engineer by day, DJ by night, family first always