One possible vector of attack on infrastructure is network devices, especially edge devices. If an attacker gains access to the device's shell and executes an attack, it could result in prolonged downtime of services, or even the entire infrastructure. So it's important to know what actions you can take to protect your device!
In this article, let's cover the basics and background on user management in a router!
User customisation
If you don't have sufficient resources than you can perform actions on powerful cloud servers. Serverspace provides isolated VPS / VDS servers for common and virtualize usage.
Classically any configuration starts in the CLI starts with a view of current users and capabilities. The command will show the list of currently authenticated users:
You can also view a list of ever created:
Suppose we need to create a new account for a network engineer, for this we will switch to privilege mode:
After that we will write the command to activate the configuration mode and create a user with the parameters:
user user1
password <value>
privilege 15
exit
exit
commit
confirm
By writing the command, user user1, we created a new user, who then has a password. Then privilege level 15, which indicates that he has maximum privileges, as we needed an administrator. But if you need to create a user with lower privileges, you can specify a lower level. After that we exit the configuration and confirm the changes with the commands commit and confirm.
Pay attention to the line with privileges or privilege, which indicates that certain rights are allocated to the user at level 15. To understand what rights should be granted to a user and at what level, you can use the official documentation, which describes each of them.
It seems that the password in the previous task is too easy to bruteforce, let's change it to a more complex one:
password NEW-strong-P@sS
In the example only a template is given, so it is desirable to create a more complex sequence of 18 characters or more of different characters of different characters and case.
Let's try authenticating through a new user using the console, log out of the current session and log in with new creds. And also make sure that the users are authenticated:
Let's remove an old one that is not needed, which might have been lodged in our router OS after one of the engineers was fired. After all, this is also an attack vector:
no user user1
Enough, a short command allows you to remove the user, after which don't forget to apply the settings! Remember that you can only perform this action with a certain privilege level. Keep your account data in a safe place!