Serverspace Black Friday
JT
October 25, 2024
Updated October 25, 2024

Eltex router: user configuration

Linux Networks

One possible vector of attack on infrastructure is network devices, especially edge devices. If an attacker gains access to the device's shell and executes an attack, it could result in prolonged downtime of services, or even the entire infrastructure. So it's important to know what actions you can take to protect your device!

In this article, let's cover the basics and background on user management in a router!

User customisation

If you don't have sufficient resources than you can perform actions on powerful cloud servers. Serverspace provides isolated VPS / VDS servers for common and virtualize usage.

Create Server
Screenshot №1 — Create Server

Classically any configuration starts in the CLI starts with a view of current users and capabilities. The command will show the list of currently authenticated users:

show user
List of users
Screenshot №2 — List of users

You can also view a list of ever created:

show running-config | include username
Short list of user
Screenshot №3 — Short list of user

Suppose we need to create a new account for a network engineer, for this we will switch to privilege mode:

enable

After that we will write the command to activate the configuration mode and create a user with the parameters:

config
user user1
password <value>
privilege 15
exit
exit
commit
confirm
New user
Screenshot №4 — New user

By writing the command, user user1, we created a new user, who then has a password. Then privilege level 15, which indicates that he has maximum privileges, as we needed an administrator. But if you need to create a user with lower privileges, you can specify a lower level. After that we exit the configuration and confirm the changes with the commands commit and confirm.

Pay attention to the line with privileges or privilege, which indicates that certain rights are allocated to the user at level 15. To understand what rights should be granted to a user and at what level, you can use the official documentation, which describes each of them.

List of privileges
Screenshot №5 — List of privileges

It seems that the password in the previous task is too easy to bruteforce, let's change it to a more complex one:

user user1
password NEW-strong-P@sS

In the example only a template is given, so it is desirable to create a more complex sequence of 18 characters or more of different characters of different characters and case.

New password
Screenshot №6 — New password

Let's try authenticating through a new user using the console, log out of the current session and log in with new creds. And also make sure that the users are authenticated:

show user
New User
Screenshot №7 — Check user

Let's remove an old one that is not needed, which might have been lodged in our router OS after one of the engineers was fired. After all, this is also an attack vector:

config
no user user1

Enough, a short command allows you to remove the user, after which don't forget to apply the settings! Remember that you can only perform this action with a certain privilege level. Keep your account data in a safe place!

Vote:
5 out of 5
Аverage rating : 5
Rated by: 1
33145 North Miami, FL 2520 Coral Way apt 2-135
+1 302 425-97-76
700 300
ITGLOBAL.COM CORP
700 300

You might also like...

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.