[c-nsp] Deactive password recovery feature

David Freedman david.freedman at uk.clara.net
Tue Aug 2 14:25:35 EDT 2005 

Sure, I believe the objective of the feature is to protect the
configuration of the device from your customers prying eyes.

Obviously Cisco wouldn't like to prevent people resetting the NVRAM back
to factory defaults as if they couldn't, the router becomes a rather
expensive brick.

If you are serious about stopping customers getting access to the
machine then you may as well fill the console and aux ports with
epoxy resin :)


Dave.

Ted Mittelstaedt wrote:
> It also doesen't work.  At least, it doesen't work with the stated goal
> of deactivating password recovery.  It does work with the stated goal of
> deactivating password recovery for idiots.
> 
>>From the URL that you cited:
> 
> "To recover a device once the No Service Password-Recovery feature has
> been enabled, press the Break key within 5 seconds after the image
> decompresses during the boot"
> 
> Now, if the goal is to prevent someone from reading your startup
> configuration, then yes, this does work - because the startup-config
> is erased if you do the break key within 5 seconds and confirm it.
> 
> And if the goal is to keep low-grade morons out of your router by
> pulling the break during boot procedure, then yes, it does work.
> 
> But if the goal is to render the router inoperable if you get hit
> by a bus and your the only one who knows the password for the router,
> or your getting fired tomorrow and you want to screw your employer
> on the way out, then no, Cisco has more compassion for the administrators
> who are going to be stuck with this device after your gone, than
> you do.
> 
> Ted
> 
>>-----Original Message-----
>>From: cisco-nsp-bounces at puck.nether.net
>>[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of David Freedman
>>Sent: Tuesday, August 02, 2005 7:53 AM
>>To: cisco-nsp at puck.nether.net
>>Subject: Re: [c-nsp] Deactive password recovery feature
>>
>>
>>http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/
>>123newft/123limit/123y/123ya8/ftnsvpwd.htm
>>
>>This has been in previous releases but has been hidden.
>>
>>I believe its hardware dependant.
>>
>>Dave.
>>
>>
>>Adell Shahini wrote:
>>> In the name of God
>>> Hi Dear
>>> Any one can help me how I can deactive password recovery on
>>cisco routers .
>>>
>>> (Can I solve this problem via Config-register ? )
>>>
>>>
>>> Best Regards .
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>>_______________________________________________
>>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list