When setting up an HA link you need to be aware that without encryption enabled, your HA traffic is in the clear.
This means that anybody who is creative can sniff the traffic and gather information. Here's what the CLI command diag sniffer packet port_ha "port 23" shows:
You would think a security outfit would never use telnet.
Enabling encryption for the HA configuration is a must, and it is available from the CLI only.
Ken
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \
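An added example, not part of the original post: a small Python check that reads a FortiGate configuration backup and reports a cluster whose HA block lacks encryption. It assumes the setting is `set encryption enable` under `config system ha`, that a missing line means the default (disabled), and that a missing `set mode` line means standalone; both sample configurations are constructed.

```python
# Constructed sample backups (not taken from a real device).
WEAK_CONFIG = """\
config system global
    set hostname "fw-a"
end
config system ha
    set group-name "cluster1"
    set mode a-p
    set hbdev "port_ha" 50
end
"""
HARDENED_CONFIG = WEAK_CONFIG.replace(
    "    set mode a-p\n", "    set mode a-p\n    set encryption enable\n")


def ha_settings(config_text):
    """Return the 'set' lines of the 'config system ha' block as a dict, or None."""
    settings, in_ha, depth = {}, False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_ha:
            if line == "config system ha":
                in_ha, depth = True, 1
            continue
        if line.startswith("config "):      # nested sub-table inside the HA block
            depth += 1
        elif line == "end":
            depth -= 1
            if depth == 0:
                return settings
        elif depth == 1 and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2]
    return settings if in_ha else None


def audit_ha(config_text):
    """List findings for a clustered unit whose HA traffic is not encrypted."""
    settings = ha_settings(config_text)
    if settings is None:
        return ["no 'config system ha' block found"]
    # Assumption: no 'set mode' line means standalone, so there is no HA link.
    if settings.get("mode", "standalone") == "standalone":
        return []
    # Assumption: an absent 'set encryption' line means the default, disable.
    if settings.get("encryption", "disable") != "enable":
        return ["HA encryption is not enabled"]
    return []
```
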
Your tip is amazing. Even more amazing after you check that the official hardening chapter does not mention this weakness at all...