Chabot College

alayna

  1. Chabot College ELEC 99.08 router passwords

  2. passwords
     • enable
     • enable secret
     • console
     • aux
     • vty (telnet sessions)

  3. enable password
     • controls access to privileged exec mode
     • by default is not encrypted
     • can be encrypted, but with weak protocol

         version 12.0
         service timestamps debug uptime
         service timestamps log uptime
         no service password-encryption
         !
         hostname Fremont
         !
         enable password cisco
         enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
         !

     Slide callouts: No encryption of enable password; Enable password

  4. enable password - continued
     • leftover from older versions of IOS
     • only used if the enable secret password has not been set

         version 12.0
         service timestamps debug uptime
         service timestamps log uptime
         no service password-encryption
         !
         hostname Fremont
         !
         enable password cisco
         enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
         !

  5. enable secret password
     • controls access to privileged exec mode
     • is encrypted using the MD5 algorithm
     • takes precedence over enable password

         version 12.0
         service timestamps debug uptime
         service timestamps log uptime
         no service password-encryption
         !
         hostname Fremont
         !
         enable password cisco
         enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
         !

     Slide callout: MD5 encryption algorithm

  6. console password
     • controls access through console port
     • may be same or different than enable password

         ip route 0.0.0.0 0.0.0.0 Serial1
         !
         line con 0
          login
          password cisco
         line aux 0
          login
          password cisco
         line vty 0 4
          login
          password cisco
         !

  7. aux password
     • controls access through auxiliary port
     • may be same or different than enable or console passwords

         ip route 0.0.0.0 0.0.0.0 Serial1
         !
         line con 0
          login
          password cisco
         line aux 0
          login
          password cisco
         line vty 0 4
          login
          password cisco
         !

  8. vty password
     • controls telnet access through vty ports
     • may be same or different than enable, console, or aux passwords

         ip route 0.0.0.0 0.0.0.0 Serial1
         !
         line con 0
          login
          password cisco
         line aux 0
          login
          password cisco
         line vty 0 4
          login
          password cisco
         !

  9. 2 Passwords in Sequence
     1. Access to Router: Console Password / Aux Password / VTY (telnet) Password
     2. Access to Privileged Mode: Enable Secret Password

  10. Password Strategies
      • Strategy 1
        • Use a special password for enable secret.
        • Use the same password for all others.
      • Benefits
        • Easy to remember
      • But
        • Blanket access to those who know password

  11. Password Strategies
      • Strategy 2
        • Use a special password for enable secret.
        • Use different passwords for:
          • console
          • aux
          • vty 0 - 4
      • Benefits
        • Fine-grained control
      • But
        • Hard to remember

  12. Password Rules
      • Always set the enable secret password.
      • Never make the enable secret password the same as others that show in plain text in the config file.
      • If you set the enable secret password, there is no need to set the enable password, which is weak because it is not encrypted. However, setup forces you to set an enable password.

  13. Strong Passwords
      • Never use a word in the dictionary.
      • Never use anything related to your name.
      • Ideally, use a special character or number in addition to letters.
      • A good method is to combine two short words with a special character:
        • red$finger
        • proud^dog
        (easy to remember, meets rules above)

  14. Strong Passwords
      • In our lab, we break the rules to set easy-to-remember passwords:
        • enable secret: chabot
        • all access passwords: cisco

  15. What password to telnet in?

          ip route 0.0.0.0 0.0.0.0 Serial1
          !
          line con 0
           login
           password donut*hound
          line aux 0
           login
           password kiss@frog
          line vty 0 4
           login
           password cats#rats
          !

      • cats#rats

  16. What password to console in?

          ip route 0.0.0.0 0.0.0.0 Serial1
          !
          line con 0
           login
           password donut*hound
          line aux 0
           login
           password kiss@frog
          line vty 0 4
           login
           password cats#rats
          !

      • donut*hound

  17. What password to connect with modem?

          ip route 0.0.0.0 0.0.0.0 Serial1
          !
          line con 0
           login
           password donut*hound
          line aux 0
           login
           password kiss@frog
          line vty 0 4
           login
           password cats#rats
          !

      • kiss@frog

  18. What password to enter privileged mode?

          version 12.0
          service timestamps debug uptime
          service timestamps log uptime
          no service password-encryption
          !
          hostname Hayward
          !
          enable password apple&candy
          enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
          !

      • high-hat (encrypted secret password)
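An added example, not part of the original slides: a Python audit of an IOS config against the Password Rules on slide 12, run over the config fragments from slides 15-18. The function names and finding strings are assumptions made for this example; type 7 (the weak `service password-encryption` encoding) is reported alongside clear text.

```python
import re

# Config assembled from the fragments on slides 15-18 of this deck.
SAMPLE = """\
enable password apple&candy
enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
line con 0
 login
 password donut*hound
line aux 0
 login
 password kiss@frog
line vty 0 4
 login
 password cats#rats
"""
PW = re.compile(r"(enable secret|enable password|password)\s+(?:(\d)\s+)?(\S+)$")

def parse_passwords(config):
    """Map each access path to (type, value); type '0' means clear text."""
    found, ctx = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match(r"line (con|aux|vty)\b", text):
            ctx = m.group(1)                 # entering a line sub-mode
        elif not raw.startswith(" "):
            ctx = None                       # back at global config level
        if m := PW.match(text):
            kind, ptype, value = m.groups()
            key = ctx if kind == "password" else kind
            if key:
                found[key] = (ptype or "0", value)
    return found

def audit(config):
    """Return (passwords, findings) checked against the deck's Password Rules."""
    pw, findings = parse_passwords(config), []
    if "enable secret" not in pw:
        findings.append("enable secret is not set")
    elif "enable password" in pw:
        findings.append("enable password is unused: enable secret takes precedence")
    weak = {k: v for k, (t, v) in pw.items() if t in ("0", "7")}
    findings += [f"clear text or weak type 7: {k}" for k in sorted(weak)]
    shared = {}
    for k, v in weak.items():
        shared.setdefault(v, []).append(k)
    findings += ["shared password: " + ", ".join(sorted(ks))
                 for ks in shared.values() if len(ks) > 1]
    return pw, findings
```

Calling `audit(SAMPLE)` returns the per-path passwords that answer slides 15-17, plus one finding for the unused enable password and one for each password readable in the file.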
