Cisco, haven't we learned anything? (technician reset)

• Previous message (by thread): Cisco, haven't we learned anything? (technician reset)
• Next message (by thread): Cisco, haven't we learned anything? (technician reset)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

william(at)elan.net wrote:

> 
>> Actually, and fairly recently, this IS a default password in IOS.  New 
>> out-of-box 28xx series routers have cisco/cisco installed as the 
>> default password with privilege 15 (full access).  This is a recent 
>> development.
> 
> 
> This is hardly only cisco's problem. Most office routers I've dealt with
> also come with default username/password and on occasions when I dealt
> with  existing installation those passwords have rarely been changed.

True.  However I much prefer the old way that Cisco did it.  No default 
passwords on the box at all.  But, no remote administration at all until 
a password was set on the console.

Now, there is a default cisco/cisco.  Newbie admin creates a new 
user/pass, tests thinks it's secure, fails to remove the default, game 
over.

> What should really be done (BCP for manufactures ???) is have default
> password based on unit's serial number. Since most routers provide this
> information (i.e. its preset on the chip's eprom) I don't understand
> why its so hard to just create simple function as part of software to 
> use this data if the password is not otherwise set.

The old-school Cisco way works for me.  Default is no password if you 
have physical access, but no remote access.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - jay at west.net
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323

• Previous message (by thread): Cisco, haven't we learned anything? (technician reset)
• Next message (by thread): Cisco, haven't we learned anything? (technician reset)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]