nanog mailing list archives

Re: Cisco, haven't we learned anything? (technician reset)
From: Jay Hennigan <jay () west net>
Date: Thu, 12 Jan 2006 17:40:36 -0800

william(at)elan.net wrote:

Actually, and fairly recently, this IS a default password in IOS. New out-of-box 28xx series routers have cisco/cisco installed as the default password with privilege 15 (full access). This is a recent development.

This is hardly only Cisco's problem. Most office routers I've dealt with
also come with default username/password and on occasions when I dealt
with existing installations those passwords have rarely been changed.

True. However I much prefer the old way that Cisco did it. No default passwords on the box at all. But, no remote administration at all until a password was set on the console.

Now, there is a default cisco/cisco. Newbie admin creates a new user/pass, tests, thinks it's secure, fails to remove the default, game over.

What should really be done (BCP for manufacturers ???) is have default
password based on unit's serial number. Since most routers provide this
information (i.e. it's preset on the chip's EPROM) I don't understand
why it's so hard to just create a simple function as part of software to use this data if the password is not otherwise set.

The old-school Cisco way works for me. Default is no password if you have physical access, but no remote access.

Jay Hennigan - CCIE #7880 - Network Administration - jay () west net
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323
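
The failure mode described in the message above (a new user is created but the default cisco/cisco account stays in place) can be checked for in a saved configuration. The following is an added example, not part of the original post or any Cisco tooling; the function name `audit_local_users` and the sample configuration are constructed for illustration, and it assumes the standard IOS `username ... {password|secret} [type] value` line syntax.

```python
import re

# IOS local-user line: username <name> [privilege <n>] {password|secret} [<type>] <value>
USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)"
    r"(?:\s+privilege\s+(?P<priv>\d+))?"
    r"\s+(?P<kind>password|secret)"
    r"(?:\s+(?P<type>\d+))?"
    r"\s+(?P<value>\S+)\s*$"
)
DEFAULT_USER = "cisco"       # default account named in the post
DEFAULT_PASSWORD = "cisco"   # default password named in the post

# Constructed sample: admin added "jdoe" but left the default account in place.
SAMPLE_CONFIG = """\
hostname branch-rtr
username cisco privilege 15 secret 0 cisco
username jdoe privilege 15 secret 5 $1$CONSTRUCTED$notARealHashValue000000
line vty 0 4
 login local
"""

def audit_local_users(config_text):
    """Return (users, findings) for the username lines in an IOS config."""
    users, findings = [], []
    for line in config_text.splitlines():
        m = USER_RE.match(line.strip())
        if not m:
            continue
        name = m["name"]
        priv = int(m["priv"] or 1)          # IOS local users default to privilege 1
        cleartext = m["type"] in (None, "0")  # no type or type 0 means unencrypted
        users.append(name)
        if name == DEFAULT_USER:
            detail = ("password is still the default"
                      if cleartext and m["value"] == DEFAULT_PASSWORD
                      else "password not readable here, verify by hand")
            findings.append(f"default account '{name}' present at privilege {priv}: {detail}")
        elif cleartext and m["value"] == name:
            findings.append(f"account '{name}' uses its own name as password")
    if DEFAULT_USER in users and len(users) > 1:
        findings.append("new accounts were added but the default account was not removed")
    return users, findings

if __name__ == "__main__":
    for finding in audit_local_users(SAMPLE_CONFIG)[1]:
        print("FINDING:", finding)
```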
