[c-nsp] No Service Password Recovery

Jay Hennigan jay at west.net
Wed Nov 17 18:33:07 EST 2010


On 11/17/10 2:10 PM, Skeeve Stevens wrote:
> Hey all,
> 
> I've been googling and cisco.com searching and have found nothing so far.
> 
> I want to 'no service password-recovery' on an old Catalyst 2924.  Does anyone know of a way?
> 
> It is in a delicate environment and it doesn't support 'secret', so if it's password recovered people would be able to crack the 'password' level passwords.

If the bad guys have access to its power cord and console port, it's
pretty much game over anyway, but you can mitigate with...

* AAA to a remote TACACS+ server.
* Sync with NTP and use RANCID to track config changes and/or last save.
* Unique passwords for that device.
* It should support enable secret even if not password secret.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
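
An added example, not part of the message above: a small offline check of a saved IOS config (for instance one collected by RANCID) for the mitigations listed in the reply that are visible in the config itself, plus any passwords stored without 'secret' hashing. The sample config, hostname, addresses and password strings are constructed placeholders, and the function names are hypothetical; password uniqueness and RANCID tracking cannot be judged from a single config, so they are not checked.

```python
import re

# Constructed sample config (not from the thread); all values are placeholders.
SAMPLE_CONFIG = """\
hostname lab-2924
service password-encryption
enable password 7 PLACEHOLDER7
aaa new-model
aaa authentication login default tacacs+ local
tacacs-server host 192.0.2.10
ntp server 192.0.2.20
line vty 0 4
 password 7 PLACEHOLDER7
"""

# Mitigations from the reply that show up as global config lines.
CHECKS = {
    "aaa_tacacs": r"^aaa authentication login \S+ .*tacacs\+",
    "tacacs_server": r"^tacacs-server host \S+",
    "ntp_server": r"^ntp server \S+",
    "enable_secret": r"^enable secret ",
}

def audit(config: str) -> dict:
    """Report which mitigations are present and which lines hold weak passwords."""
    lines = [l.rstrip() for l in config.splitlines()]
    result = {name: any(re.match(rx, l) for l in lines)
              for name, rx in CHECKS.items()}
    # 'enable password' and line-level 'password' are cleartext or reversible
    # type 7, unlike 'enable secret'. Record 1-based line numbers.
    result["weak_password_lines"] = [
        n for n, l in enumerate(lines, 1)
        if re.match(r"^\s*(enable )?password ", l)
    ]
    return result

def findings(config: str) -> list:
    """Turn the audit result into human-readable findings."""
    r = audit(config)
    out = [f"missing: {k}" for k in CHECKS if not r[k]]
    out += [f"line {n}: password stored without 'secret' hashing"
            for n in r["weak_password_lines"]]
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE_CONFIG):
        print(f)
```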

