Chabot College
description
Transcript of Chabot College
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
Chabot CollegeChabot College
ELEC 99.08ELEC 99.08router passwords
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
passwordspasswords• enable• enable secret• console• aux• vty (telnet sessions)
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
enable passwordenable password• controls access to privileged exec mode• by default is not encrypted• can be encrypted, but with weak protocol
version 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Fremont!enable password cisco enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!
Enable password
No encryption of enable password
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
enable password enable password - continued- continued
• leftover from older versions of IOS• only used if the enable secret password has not been set
version 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Fremont!enable password cisco enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
enable secret passwordenable secret password• controls access to privileged exec mode• is encrypted using the MD5 algorithm• takes precedence over enable password
version 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Fremont!enable password cisco enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!MD5 encryption algorithm
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
console passwordconsole password• controls access through console port• may be same or different than enable password
ip route 0.0.0.0 0.0.0.0 Serial1!line con 0 login password ciscoline aux 0 login password ciscoline vty 0 4 login password cisco !
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
aux passwordaux password• controls access through auxiliary port• may be same or different than enable or console passwords
ip route 0.0.0.0 0.0.0.0 Serial1!line con 0 login password ciscoline aux 0 login password ciscoline vty 0 4 login password cisco!
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
vty passwordvty password• controls telnet access through vty ports • may be same or different than enable, console, or aux passwords
ip route 0.0.0.0 0.0.0.0 Serial1!line con 0 login password ciscoline aux 0 login password ciscoline vty 0 4 login password cisco!
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
2 Passwords in Sequence2 Passwords in Sequence
1. Access to Router 2. Access to Privileged Mode
Console Password
Aux Password
VTY (telnet) Password
Enable Secret Password
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
Password StrategiesPassword Strategies• Strategy 1
– Use a special password for enable secret.– Use the same password for all others.
• Benefits– Easy to remember
• But– Blanket access to those who know password
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
Password StrategiesPassword Strategies• Strategy 2
– Use a special password for enable secret.– Use different passwords for:
• console• aux• vty 0 - 4
• Benefits– Fine-grained control
• But– Hard to remember
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
Password RulesPassword Rules• Always set the enable secret password.• Never make the enable secret password the same as others that show in plain text in the config file.• If you set the enable secret password, there is no need to set the enable password, which is weak because it is not encrypted.
However, setup forces you to set an enable password.
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
Strong PasswordsStrong Passwords• Never use a word in the dictionary.• Never use anything related to your name.• Ideally, use a special character or number in addition to letters.• A good method is to combine two short words with a special character:
– red$finger– proud^dog
(easy to remember, meets rules above)
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
Strong PasswordsStrong Passwords• In our lab, we break the rules to set easy to remember passwords:
– enable secret: chabot– all access passwords: cisco
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
What password to telnet in?What password to telnet in?
• cats#rats
ip route 0.0.0.0 0.0.0.0 Serial1!line con 0 login password donut*houndline aux 0 login password kiss@frogline vty 0 4 login password cats#rats!
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
What password to console in?What password to console in?
• donut*hound
ip route 0.0.0.0 0.0.0.0 Serial1!line con 0 login password donut*houndline aux 0 login password kiss@frogline vty 0 4 login password cats#rats!
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
What password to connect with modem?What password to connect with modem?
• kiss@frog
ip route 0.0.0.0 0.0.0.0 Serial1!line con 0 login password donut*houndline aux 0 login password kiss@frogline vty 0 4 login password cats#rats!
CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY
What password to enter privilged mode?What password to enter privilged mode?
• high-hat (encrypted secret password)
version 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Hayward!enable password apple&candy enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!