Therefore, if someone executed show run during a clear-text Telnet session, the protocol analyzer would display the password. However, if service password-encryption is used, the password would be encrypted even during the same clear-text Telnet session.
Note
Passwords configured prior to configuring the service password-encryption command will not be encrypted. For the passwords to be encrypted, they must be reentered into the configuration after the service password-encryption command is issued.
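An added example, not from the book: a small Python audit that reports whether service password-encryption is set in a saved running-config and which password lines are still stored in clear text. The sample configuration and every password in it are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration; every password is made up.
SAMPLE_CONFIG = """\
no service password-encryption
hostname R1
enable password LabPass1
username admin password 0 LabPass2
username ops password 7 0822455D0A16
username audit secret 5 $1$abcd$0123456789abcdefghijk.
line con 0
 password LabPass3
line vty 0 4
 password 7 070C285F4D06
 login
"""

# "enable password", "username X password" and line-level "password" commands.
# An optional numeric type precedes the value; no type or type 0 means clear text.
PASSWORD_RE = re.compile(
    r"^(?P<owner>enable|username \S+(?: privilege \d+)?)? ?"
    r"password (?:(?P<type>\d+) )?\S+$"
)

def audit(config_text):
    """Return (service_enabled, findings); findings are (line_no, owner) pairs
    for passwords stored in clear text. Password values are never returned."""
    service_enabled = False
    section = None  # current top-level block, e.g. "line vty 0 4"
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not raw.startswith(" "):
            section = line
        if line == "service password-encryption":
            service_enabled = True
        elif line == "no service password-encryption":
            service_enabled = False
        match = PASSWORD_RE.match(line)
        if match and match.group("type") in (None, "0"):
            findings.append((line_no, match.group("owner") or section))
    return service_enabled, findings

if __name__ == "__main__":
    enabled, clear_text = audit(SAMPLE_CONFIG)
    print("service password-encryption:", "on" if enabled else "off")
    for line_no, owner in clear_text:
        print(f"line {line_no}: clear-text password for {owner}")
```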
ROMMON Security
Device configuration can be bypassed, giving complete access to the device, by following a very simple and well-documented procedure. Physical or console access to the device is required so that it can be rebooted or power cycled to perform the procedure. Cisco IOS software provides a password recovery procedure that relies on gaining access to ROMMON. To access ROMMON mode, the break key sequence must be entered on the keyboard within 60 seconds of reboot.
In ROMMON mode, the router software can be reloaded, at which point the router prompts for a new system configuration that includes a new password.
The password recovery procedure gives anyone with console access the ability to access the router and its network.