Cisco, haven't we learned anything? (technician reset)

Bill Nash billn at bacchus.billn.net
Thu Jan 12 19:00:10 UTC 2006



Just as an offshoot discussion, what's the state-of-the-art for AAA 
services? We use a modified tacacs server for multi-factor 
authentication, and are moving towards a model that supports 
single-use/rapid expiration passwords, with strict control over when and 
how local/emergency authentication can be used.

I'd be interested in that discussion, on or offlist.

- billn

On Thu, 12 Jan 2006, Rob Thomas wrote:

>
> Hi, NANOGers.
>
> ] On the other hand, the most common practice to hack routers today, is
> ] still to try and access the devices with the notoriously famous default
> ] login/password for Cisco devices: cisco/cisco.
>
> This is NOT a default password in the IOS.  The use of "cisco" as
> the access and enable passwords is a common practice by users, but
> it isn't bundled in the IOS.  I've heard it began in training
> classes, where students were taught to use "cisco" as the
> passwords.
>
> Oh, and for those of you who think it mad leet to use "c1sc0" as
> your access and enable passwords, the miscreants are on to that as
> well.  ;)
>
> We've seen large, massively peered and backbone routers owned
> through this same technique.  We've even seen folks who have
> switched to Juniper, yet continue to use "cisco" as the login and
> password.  :(
>
> The nice thing about cooking up blame is that there is always
> enough to serve everyone.
>
> Thanks,
> Rob.
> -- 
> Rob Thomas
> Team Cymru
> http://www.cymru.com/
> ASSERT(coffee != empty);
>


