[j-nsp] Password Recovery
Stacy W. Smith
stacy at acm.org
Sun Nov 27 23:57:38 EST 2005
On Nov 27, 2005, at 7:04 PM, Thomas Salmen wrote:
>
> I should have mentioned this in my original post: this box is
> actually a
> J-series in a not-completely-secure customer/POP site.
>
> I don't know a great deal about the J-series physical
> construction - I assume that config is stored on internal flash
> rather than
> a CF card or hard drive?
The primary boot media, which also stores the config, on a J-series
router is a CF card inserted in the rear of the chassis. This CF card
is behind a metal cover with thumbscrew. Physical access makes it
trivial to remove the CF card.
Of course, neither password recovery nor CF card removal can be
accomplished without temporarily disrupting operation of the router.
That could easily be detected with remote monitoring.
Physical access ALWAYS makes it possible for someone malicious to
disrupt operation of the local router. It's just a matter of whether
the malicious person needs a paper clip or a hammer to get the job
done. If this is truly a risk you are concerned about, physically
secure the router (along with cabling and power).
You seem most concerned about mis-configuration disrupting operation.
While that's a valid concern, it seems unlikely that password
recovery and/or physical access are the avenues that lead to that mis-
configuration.
--Stacy
More information about the juniper-nsp
mailing list