From: Jay Hennigan (no email)
Date: Thu Jan 12 2006 - 20:40:36 EST
william(at)elan.net wrote:
>
>> Actually, and fairly recently, this IS a default password in IOS. New
>> out-of-box 28xx series routers have cisco/cisco installed as the
>> default password with privilege 15 (full access). This is a recent
>> development.
>
>
> This is hardly only cisco's problem. Most office routers I've dealt with
> also come with default username/password and on occasions when I dealt
> with existing installation those passwords have rarely been changed.
True. However I much prefer the old way that Cisco did it. No default
passwords on the box at all. But, no remote administration at all until
a password was set on the console.
Now, there is a default cisco/cisco. Newbie admin creates a new
user/pass, tests thinks it's secure, fails to remove the default, game
over.
> What should really be done (BCP for manufactures ???) is have default
> password based on unit's serial number. Since most routers provide this
> information (i.e. its preset on the chip's eprom) I don't understand
> why its so hard to just create simple function as part of software to
> use this data if the password is not otherwise set.
The old-school Cisco way works for me. Default is no password if you
have physical access, but no remote access.
-- Jay Hennigan - CCIE #7880 - Network Administration - NetLojix Communications, Inc. - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323
|
|
|