North American Network Operators Group

Re: Cisco, haven't we learned anything? (technician reset)

  • From: John Kinsella
  • Date: Thu Jan 12 14:00:37 2006

I've been pretty happy with Cisco ACS - fairly solid, good reporting,
once set up it seems to Just Work.

John

On Thu, Jan 12, 2006 at 11:00:10AM -0800, Bill Nash wrote:
> 
> 
> Just as an offshoot discussion, what's the state-of-the-art for AAA 
> services? We use a modified tacacs server for multi-factor 
> authentication, and are moving towards a model that supports 
> single-use/rapid expiration passwords, with strict control over when and 
> how local/emergency authentication can be used.
> 
> I'd be interested in that discussion, on or offlist.
> 
> - billn
> 
> On Thu, 12 Jan 2006, Rob Thomas wrote:
> 
> >
> >Hi, NANOGers.
> >
> >] On the other hand, the most common practice to hack routers today, is
> >] still to try and access the devices with the notoriously famous default
> >] login/password for Cisco devices: cisco/cisco.
> >
> >This is NOT a default password in the IOS.  The use of "cisco" as
> >the access and enable passwords is a common practice by users, but
> >it isn't bundled in the IOS.  I've heard it began in training
> >classes, where students were taught to use "cisco" as the
> >passwords.
> >
> >Oh, and for those of you who think it mad leet to use "c1sc0" as
> >your access and enable passwords, the miscreants are on to that as
> >well.  ;)
> >
> >We've seen large, massively peered and backbone routers owned
> >through this same technique.  We've even seen folks who have
> >switched to Juniper, yet continue to use "cisco" as the login and
> >password.  :(
> >
> >The nice thing about cooking up blame is that there is always
> >enough to serve everyone.
> >
> >Thanks,
> >Rob.
> >-- 
> >Rob Thomas
> >Team Cymru
> >http://www.cymru.com/
> >ASSERT(coffee != empty);
> >