RE: Locking Cisco Router

["Christian Freas" <ChrisF () fairbankscapital com>]

This is a common issue and Cisco routers are no different than anything
else. If you have physical access you own the box.
Whether you have the skill to reset the password is a separate issue,
but all of the info necessary to do it is on the Cisco website. They
have a published password recovery plan. You need a console, and access
to the box. Short of epoxying the console port closed, there is no way
to prevent this.


-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com] 
Sent: Wednesday, November 20, 2002 4:10 PM
To: security-basics () securityfocus com
Subject: RE: Locking Cisco Router


> From: "Vik Evans" <vik () packeteye com>
> Or there is always the over-worked, in house IT person who ends up 
> forgetting the password for what ever reason - what does he do now?

Being overworked is understandable, failing to keep an encrypted copy of
all 
your passwords in case you forget is not, fire him.  (Take a look at 
PasswordSafe from www.counterpane.com 448bit blowfish encrypted storage)

However if this item is like most hardware I've worked with, there will
be a 
reset jumper or backup battery you can mess with inside the case that
will 
clear all of the memory.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"And here in our server room you can see our Beowolf Cluster of C64's
that 
keeps our enterprise on the very cutting edge of technology."

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail