Wednesday, May 23, 2012

SECURITY


  • There are 3 modes of access to user mode:
        • CONSOLE
        • AUX
        • TELNET
  • Simple user mode CLI password protection
      • line con 0
      •   login
      •   password cisco
      • line vty 0 15
      •   login
      •   password cisco
    • These passwords are stored as clear text in the configuration.
    • These passwords can be encrypted with the service password-encryption command:
      • service password-encryption
      • line console 0
      •   password 7 <encrypted password>
      •   login
      • line vty 0 4
      •   password 7 <encrypted password>
      •   login
    • After the service password-encryption command is added to the configuration, all clear-text passwords in the running configuration are changed to an encrypted value.
    • Until copy run start is run, the passwords in the startup config are not encrypted.
    • The no service password-encryption command does not automatically decrypt the encrypted passwords.
    • This type of encryption is weak; the passwords can easily be decrypted with public tools.
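
The checks implied by the notes above, as an added example that is not part of the original post: a small Python audit that reads saved copies of the running and startup configurations and reports line passwords that are clear text or type 7, and lines whose encryption has not yet been saved to the startup config. The function names and sample configs are hypothetical, and the password values are constructed placeholders; it assumes the configs are plain text in the form printed by show running-config and show startup-config.

```python
# Constructed sample configs (placeholder values, not from a real device).
RUNNING = """\
service password-encryption
line con 0
 password 7 <type-7-value>
 login
line vty 0 4
 password 7 <type-7-value>
 login
"""
STARTUP = """\
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

LABELS = {"clear": "password stored as clear text",
          "type7": "type 7 password (weak encryption)"}

def line_passwords(config_text):
    """Map each 'line ...' block to 'clear', 'type7', or None (no password)."""
    result, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("line "):
            current = " ".join(raw.split())
            result[current] = None
        elif current and raw[:1].isspace():
            parts = raw.split()
            if parts and parts[0] == "password":
                is_type7 = len(parts) >= 3 and parts[1] == "7"
                result[current] = "type7" if is_type7 else "clear"
        else:
            current = None  # a non-indented line ends the block
    return result

def audit(config_text):
    """Return (scope, finding) tuples for one configuration."""
    findings = []
    if "service password-encryption" not in config_text.splitlines():
        findings.append(("global", "service password-encryption not enabled"))
    findings += [(n, LABELS[k]) for n, k in line_passwords(config_text).items() if k]
    return findings

def unsaved_encryption(running, startup):
    """Lines encrypted in running-config but still clear text in startup-config."""
    run, start = line_passwords(running), line_passwords(startup)
    return sorted(n for n, k in run.items() if k == "type7" and start.get(n) == "clear")
```

Type 7 entries are still reported as findings because, as noted above, this encryption is weak; any line returned by unsaved_encryption needs copy run start before the startup config matches.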