Home page logo

nanog logo nanog mailing list archives

Re: Cisco, haven't we learned anything? (technician reset)
From: "william(at)elan.net" <william () elan net>
Date: Thu, 12 Jan 2006 17:52:07 -0800 (PST)

On Thu, 12 Jan 2006, Jay Hennigan wrote:

What should really be done (BCP for manufactures ???) is have default
password based on unit's serial number. Since most routers provide this
information (i.e. its preset on the chip's eprom) I don't understand
why its so hard to just create simple function as part of software to use this data if the password is not otherwise set.

The old-school Cisco way works for me. Default is no password if you have physical access, but no remote access.

That works too and is most secure way.

But its often enough that small offices would not have person who can fix the system and its not always possible to get network guy to come in right
a way. It is good for those cases to be able to ask somebody onsite to just
look at the back and dictate the serial# by phone.

William Leibzon
Elan Networks
william () elan net

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]