North American Network Operators Group

Re: Cisco, haven't we learned anything? (technician reset)

  • From: Jay Hennigan
  • Date: Thu Jan 12 20:42:14 2006

william(at)elan.net wrote:


>> Actually, and fairly recently, this IS a default password in IOS. New out-of-box 28xx series routers have cisco/cisco installed as the default password with privilege 15 (full access). This is a recent development.
>
> This is hardly only Cisco's problem. Most office routers I've dealt with
> also come with default username/password and on occasions when I dealt
> with existing installations those passwords have rarely been changed.

True. However I much prefer the old way that Cisco did it. No default passwords on the box at all. But, no remote administration at all until a password was set on the console.

Now, there is a default cisco/cisco. Newbie admin creates a new user/pass, tests, thinks it's secure, fails to remove the default, game over.

> What should really be done (BCP for manufacturers ???) is have default
> password based on unit's serial number. Since most routers provide this
> information (i.e. it's preset on the chip's EPROM) I don't understand
> why it's so hard to just create simple function as part of software to use this data if the password is not otherwise set.

The old-school Cisco way works for me. Default is no password if you have physical access, but no remote access.

--
Jay Hennigan - CCIE #7880 - Network Administration - [email protected]
NetLojix Communications, Inc. - http://www.netlojix.com/
WestNet: Connecting you to the planet. 805 884-6323
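
The failure mode described in the message above (a new admin account is created while the default cisco/cisco account stays in place) can be caught by auditing the device configuration. The following is an added example, not part of the original post or Cisco's own tooling; the sample config, the `jadmin` user and all function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (sample input, not from the original post).
SAMPLE_CONFIG = """\
hostname branch-rtr
username cisco privilege 15 password 0 cisco
username jadmin privilege 15 secret 5 $1$CONSTRUCTED$notarealhash
line vty 0 4
 login local
"""

DEFAULT_NAMES = {"cisco"}  # the default account named in the thread

def parse_users(config):
    """Return one dict per 'username' line: name, privilege, cleartext password."""
    users = []
    for m in re.finditer(r"^username\s+(\S+)(.*)$", config, re.M):
        priv = re.search(r"\bprivilege\s+(\d+)", m.group(2))
        cred = re.search(r"\b(?:password|secret)\s+(?:(\d)\s+)?(\S+)", m.group(2))
        users.append({"name": m.group(1),
                      "privilege": int(priv.group(1)) if priv else 1,  # IOS default level
                      "cleartext": cred.group(2) if cred and cred.group(1) in (None, "0") else None})
    return users

def vty_uses_local_login(config):
    """True if any 'line vty' block authenticates against the local usernames."""
    in_vty = False
    for line in config.splitlines():
        if not line.startswith(" "):       # a new top-level section starts
            in_vty = line.startswith("line vty")
        elif in_vty and line.strip() == "login local":
            return True
    return False

def audit(config):
    """Return (username, finding) tuples for leftover default accounts."""
    users, remote = parse_users(config), vty_uses_local_login(config)
    admins = [u["name"] for u in users if u["privilege"] == 15 and u["name"] not in DEFAULT_NAMES]
    findings = []
    for u in users:
        if u["name"] in DEFAULT_NAMES:
            findings.append((u["name"], "default account present"))
            if admins:
                findings.append((u["name"], "left in place beside " + ", ".join(admins)))
            if u["privilege"] == 15 and remote:
                findings.append((u["name"], "privilege 15 reachable via vty"))
        if u["cleartext"] == u["name"]:
            findings.append((u["name"], "cleartext password equals username"))
    return findings
```

Hashed credentials (type 5 in the sample) are not compared, so a default account is flagged by name even when its password cannot be read from the config.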