Cisco, haven't we learned anything? (technician reset)
Jay Hennigan
jay at west.net
Fri Jan 13 01:40:36 UTC 2006
william(at)elan.net wrote:
>
>> Actually, and fairly recently, this IS a default password in IOS. New
>> out-of-box 28xx series routers have cisco/cisco installed as the
>> default password with privilege 15 (full access). This is a recent
>> development.
>
>
> This is hardly only cisco's problem. Most office routers I've dealt with
> also come with default username/password and on occasions when I dealt
> with existing installation those passwords have rarely been changed.
True. However I much prefer the old way that Cisco did it. No default
passwords on the box at all. But, no remote administration at all until
a password was set on the console.
Now, there is a default cisco/cisco. Newbie admin creates a new
user/pass, tests thinks it's secure, fails to remove the default, game
over.
> What should really be done (BCP for manufactures ???) is have default
> password based on unit's serial number. Since most routers provide this
> information (i.e. its preset on the chip's eprom) I don't understand
> why its so hard to just create simple function as part of software to
> use this data if the password is not otherwise set.
The old-school Cisco way works for me. Default is no password if you
have physical access, but no remote access.
--
Jay Hennigan - CCIE #7880 - Network Administration - jay at west.net
NetLojix Communications, Inc. - http://www.netlojix.com/
WestNet: Connecting you to the planet. 805 884-6323
More information about the NANOG
mailing list