[c-nsp] disable break on boot for IOS??
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Jul 13 17:27:24 EDT 2009
Hi,
> I have a situation with a former employee who still has legitimate
> physical access to a shared space where we have some Cisco equipment. Today
> one of our field guys located a UBR924 attached to our cable modem plant
> with the cutest little rogue Linux machine attached to its ethernet port.
do you have any proof on the install time of this box?
it could have been a legitimate install done during their time
at your place - and may have been used for eg remote access login
during times of issue - especially if the place has draconian
law about supported/allowed devices. i have several Linux boxes
that have saved my bacon countless times with their serial
interface.
> I recall that a machine can be set such that the break during boot will
> not permit password recovery, but it isn't clear to me how I do it. I'd
disabling password recovery? its a one-way process - once done there is no way
back.... TACACS+ authentication is a way to handle all authentication
via vty/con/etc. if password recovery mech is set there is no way to unset it
without a visit to the factory.
> really like to get this machine secured so I can dig in to what he is doing.
grab the linux box and use many of the boot CD methods to get access.
read the shell history, see the tools present etc.
alan
More information about the cisco-nsp
mailing list