OSPF Authentication – Clear Text vs MD5. What is the difference?

 

 

Grimnar’s Black Fangs. Magingald IV.

 

<<<.//TRNMSN.SEC.CH.412-a.\>>>

…buffering…

 

“The importance of security is paramount, Brother Captain. You must implement the right type of Authentication on our OSPF links. Our secure channels must stay open while we are besieged or all will be lost. The heretics will attempt to compromise your network and you must strengthen our defenses. Praise the Emperor and see you on the other side. Fang Leader Grimnar out”

 

image

 

OSPF authentication is set up under the interface. The command ip ospf authentication enables clear text authentication. The next command specifies the key, in this case cisco. The neighbors will expire due to the authentication mismatch, since only this end of the link is configured so far.

 

image

 

Now the same is configured on the opposite link and the neighbors agree on authentication and establish a neighbor relationship.

 

image

 

The command show ip ospf interface serial 0/0 shows that Simple password authentication is enabled.

 

image

 

Dangers lurk from beyond the void. If heretics manage to infiltrate the network, a simple packet capture could be all that stands between them and joining the OSPF process and tampering with your links. This capture of an OSPF hello packet shows the Auth Type: Simple Password. It also shows the Auth Data: cisco, recovered from the hex information. The hex 636973636f000000 is ASCII for cisco, padded with zeros. This is bad, and a major security flaw that Fang Leader Grimnar wanted addressed.

 

image

The ip ospf authentication message-digest command enables MD5 authentication, so the passkey is hashed rather than sent in clear text.

The passkey of cisco is set below with the ip ospf message-digest-key 1 md5 cisco command.

 

image

This is replicated on the other end of the link. The link expires and then comes back online using the MD5 key.

 

image

Above is verification of the implementation of the MD5 key.

 

image

 

Shown above is the packet capture with the MD5 key in use. Before, the plain text key of cisco was clearly visible. Now the Auth Type is Cryptographic, which indicates that cryptographic authentication is being used. The Auth Data this time is hashed. No easy password extraction this time.
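The difference between the two captures above, as an added example that is not from the original post: a short Python audit of the 24-byte OSPFv2 header (layout per RFC 2328) that reports what each Auth Type puts on the wire. The router ID and sequence number are constructed sample values; the key cisco and key ID 1 are the ones used in this post.

```python
import struct

# OSPFv2 common header (RFC 2328, A.3.1), network byte order, 24 bytes:
# version, type, length, router ID, area ID, checksum, AuType, authentication
HEADER = struct.Struct("!BBH4s4sHH8s")
AUTH_TYPES = {0: "Null", 1: "Simple Password", 2: "Cryptographic"}

def audit_ospf_header(raw: bytes) -> dict:
    """Parse an OSPFv2 header and report what its 8-byte auth field exposes."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated OSPF header")
    version, _ptype, _length, _rid, _area, _cksum, autype, auth = HEADER.unpack_from(raw)
    if version != 2:
        raise ValueError("not an OSPFv2 packet")
    report = {"auth_type": AUTH_TYPES.get(autype, f"Unknown ({autype})"),
              "exposed_key": None}
    if autype == 1:
        # Simple password: the field IS the key, NUL-padded to 8 bytes.
        report["exposed_key"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    elif autype == 2:
        # Cryptographic: 2 zero bytes, key ID, digest length, sequence number.
        # The MD5 digest itself is appended after the OSPF packet, and the
        # key never appears on the wire.
        _zero, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        report.update(key_id=key_id, digest_len=digest_len, sequence=seq)
    return report

def build_header(autype: int, auth: bytes) -> bytes:
    # Constructed sample: hello (type 1), router ID 1.1.1.1, area 0, checksum 0.
    return HEADER.pack(2, 1, 44, bytes([1, 1, 1, 1]), bytes(4), 0, autype, auth)

# Auth Data as seen in the clear text capture in this post.
SIMPLE = build_header(1, bytes.fromhex("636973636f000000"))
# Key ID 1 as configured in this post; MD5 digest length 16; constructed sequence.
MD5 = build_header(2, struct.pack("!HBBI", 0, 1, 16, 0x3C7EC4EA))

if __name__ == "__main__":
    for name, pkt in (("clear text", SIMPLE), ("MD5", MD5)):
        print(name, audit_ospf_header(pkt))
```

Run against headers pulled from a capture of your own links, any result with a non-empty exposed_key marks an interface still using simple password authentication.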

 

image

Here is the show running config of the router. Look there. Although we are using MD5 authentication, our password is still visible. If the heretics broke into our config, our Chapter's passwords would be compromised.

 

image

This command will hash and ‘hide’ the passwords we are using throughout our routers. Any password stored in clear text will be hashed.

 

image

As mentioned prior, the clear text passwords are now stored in a more secure fashion.

 

As our landing party has made its beachhead, we now have established secure communication between our landing craft and the landing zone. Well done, Brothers. This day is for the Emperor.

Recent Purchases – February 2011

Here is a quick look at some recent purchases. Some are Cisco related and others aren’t.

 

 

 

IMAG0187

 

Redemption Corps by Rob Sanders

Warrior Priest by Darius Hinks

Towers of Midnight by Robert Jordan and Brandon Sanderson. Book 13 of The Wheel of Time.

 

Some delicious Fantasy to keep me busy in my spare time.

 

IMAG0188

 

Also a new purchase as a part of the Foundation Learning Library. My god, it is a big, big book. Seriously dangerous if reading when tired in bed. Extremely thorough thus far and not as dry as I had expected.