Security

Security is paramount in networking. Your network acts as the gateway to your domain. Industry standards call for the deployment of specialized equipment and devices such as firewalls to ensure security. Despite this, it's advisable to understand how to configure basic security on your SROS device. The SROS is equipped with the functionality to connect to RADIUS or TACACS+ servers for accounting, authorization, and authentication. Additionally, you have SNMP tools like the NPF that handle AAA for SROS if deployed in conjunction. The focus of this course will be to assist you in configuring and deploying users with password and access constraints. Filters will be addressed in a later chapter.

For configuring users, deploy the code below.

"configure system security

user Netnich

password "some_complex_phrase"

access console ftp snmp li

console

 member administrative

exit

Logs are crucial for any device, proving extremely useful for security and troubleshooting. The SROS family includes predefined system logs, specifically logs 99 and 100. The SROS logs encompass five main event types:

1. Main - Events related to applications not categorized under other event types/sources.
2. Security - Events associated with attempts to compromise system security.
3. Change - Events linked to the configuration and operation of the node.
4. Debug - Events concerning trace or other debugging information.
5. LI - Although not required for the exam, these logs are also present.

for the exam, you are ok to list 4 event sources. Main, Security, Change and Debug. 

LOG Destinations

Logs can be saved to various destinations:

1. Console: sent to any devise connected to the console. recall that the console is also a system of communication. 
2. Syslog: Saved to a remote server, adhering to industry standards.
3. SNMP: Another industry standard where an SNMP system collects and stores the logs.
4. File: The log is saved to a file in the local CF3 directory.
5. Memory: Stored in memory and accessible via the log ID. It will be purged as the memory fills up. A memory log operates as a circular buffer; when full, the oldest log entry is overwritten by the new one.
6. Sessions: A temporary log destination that directs entries to the active telnet or SSH session for its duration. Upon session termination, such as user logout, the "to session" configuration is removed. While event logs with a session destination are stored in the configuration file, the "to session" part is not. Event logs can direct entries to the session destination.