TACACS+ or RADIUS and syslog. Turn on AAA (authentication, authorization and accounting) and you will have a record of every command issued and who issued it (plus granular level control on who can do what commands!).

I would certainly advise against the tftp/RCS route due to the complete lack of security on tftp...

Don

----- Original Message -----
From: "Thad Horak" <thadhorakat_private>
To: <forensicsat_private>
Sent: Wednesday, September 04, 2002 3:27 PM
Subject: Router Investigations

> I've been tasked to add to our existing incident
> handling process a methodology to investigate our
> Cisco routers and switches. I've found a few documents
> when searching on Google, but it seems that most
> people just want to teach this through a course. Can
> anyone suggest any documents that they have written or
> found helpful? Many thanks.
>
> Thad
>
> -----------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
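Added example, not part of the original thread: once AAA command accounting is on, the accounting file can be turned into a per-user command record during an investigation. The record layout is an assumption (the tab-separated accounting file written by the open-source tac_plus daemon), and the sample lines, addresses, usernames and the list of sensitive command prefixes are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records. Assumed layout: timestamp, NAS address, user,
# port, remote address, record type, then attribute=value pairs.
SAMPLE = (
    "Sep  4 15:02:11\t192.0.2.1\talice\ttty2\t198.51.100.7\tstop\t"
    "task_id=41\tservice=shell\tpriv-lvl=15\tcmd=show running-config <cr>\n"
    "Sep  4 15:07:30\t192.0.2.1\tbob\ttty3\t203.0.113.9\tstop\t"
    "task_id=42\tservice=shell\tpriv-lvl=15\tcmd=configure terminal <cr>\n"
    "Sep  4 15:07:52\t192.0.2.1\tbob\ttty3\t203.0.113.9\tstop\t"
    "task_id=43\tservice=shell\tpriv-lvl=15\tcmd=no logging 192.0.2.50 <cr>\n"
    "garbage line without tabs\n"
    "Sep  4 15:09:40\t192.0.2.1\tbob\ttty3\t203.0.113.9\tstop\t"
    "task_id=44\tservice=shell\telapsed_time=412\n"
)

# Hypothetical triage list: commands that alter logging, AAA or stored config.
SENSITIVE_PREFIXES = ("no logging", "no aaa", "clear logging", "write erase", "copy ")

def parse_accounting(text):
    """Return one dict per command-accounting record; skip everything else."""
    records = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # truncated or malformed line
        when, nas, user, _port, remote, _rectype = fields[:6]
        avs = dict(f.split("=", 1) for f in fields[6:] if "=" in f)
        if "cmd" not in avs:
            continue  # session start/stop records carry no command
        records.append({
            "time": when, "nas": nas, "user": user, "remote": remote,
            "priv": int(avs.get("priv-lvl", 0)),
            "cmd": avs["cmd"].replace("<cr>", "").strip(),
        })
    return records

def commands_by_user(records):
    """Group commands by the account that issued them, in log order."""
    out = defaultdict(list)
    for r in records:
        out[r["user"]].append(r["cmd"])
    return dict(out)

def flag_sensitive(records):
    """Records whose command starts with one of the sensitive prefixes."""
    return [r for r in records if r["cmd"].lower().startswith(SENSITIVE_PREFIXES)]
```
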
This archive was generated by hypermail 2b30 : Sun Sep 08 2002 - 10:45:26 PDT