| Author |
Password recovery and configs
|
|
| The Reamer 2002-10-18, 1:27 pm |
| Wanted to see what you guys thought about a topic we discussed in our study group last night.
When breaking into a router, you can copy the config from the NVRAM to the running config, whereby you can see the passwords contained on the router.
Question 1. Does it seem like a security risk for someone to be able to see the configs on the router when they had to break into it?
Question 2. If you change the config (i.e. the IP address on an interface) when you break into the router, does this new information get added to or overwrite the existing config you bypassed to access the router?
Again, just wanted to get your thoughts.
Reamer | |
| dumfart 2002-10-18, 4:19 pm |
| If you take proper physical security precautions then the only one who should see it is an authorized person because you need to access the console port to break in. When you do a "copy start run" then the saved configuration will become the active configuration so the new address would not overwrite the old address if it conflicted with the original. I'm not sure if the new address would add to the original config if it didn't conflict with the original saved config though; I'll have to try that tonight when I get home. | |
| dumfart 2002-10-18, 5:49 pm |
| I just tried it. Everything you enter into configuration will be removed when you "copy start run"; the new commands will not add to the saved config whether it conflicts with it or not. | |
| The Reamer 2002-10-18, 6:34 pm |
| I guess you would have to copy start run before making any config changes in order for the new info to be added.
As far as physical security is concerned, I am thinking of a person posing as a field tech for a LEC. Such a person could go to a customer's site acting like they are there on official business and gain access to the CPE. On the other hand, you have to be careful with equipment that you de-commission. If you don't erase the config prior to shelving the router, you have another potential breach.
Reamer | |
| netport 2002-10-21, 1:37 pm |
| There is a way to prevent the password recovery; you have to configure the NVRAM, I believe. I saw this topic on Groupstudy. You would only do this if you are absolutely sure that you have the password written all over on your desk. And talking about seeing the passwords, I don't think you can see it cuz it's encrypted. | |
| The Reamer 2002-10-21, 2:02 pm |
| If the password is a type 7, there are programs that will un-encrypt the password.
I think it would be better for the config to be erased if someone breaks into the router.
Reamer |
|
|
|
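Added example, not part of the thread: a small audit of a saved IOS-style config that flags credentials stored as cleartext (type 0) or as reversible type 7, which are the ones a reader of the config can recover, and reports whether password recovery has been disabled. The sample config is constructed, and the IOS command names it checks for (`enable secret`, `no service password-recovery`) are standard IOS commands rather than text quoted from the posts.

```python
import re

# Constructed sample of an IOS-style saved config; not from a real device.
SAMPLE_CONFIG = """\
service password-encryption
hostname lab-rtr
enable secret 5 $1$EXAMPLE$constructedhashvalue000000
enable password 7 0000000000000000
username admin password 0 ExamplePlaintext
username ops secret 5 $1$EXAMPLE$constructedhashvalue111111
line vty 0 4
 password 7 1111111111111111
 login
"""

# "password"/"secret", an optional one-digit type, then the stored value.
CRED_RE = re.compile(
    r"\b(?P<kw>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$")


def audit(config):
    """Return (findings, recovery_disabled) for IOS-style config text.

    findings is a list of (line_number, issue, redacted_line).
    """
    findings = []
    recovery_disabled = False
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):   # blank line or comment
            continue
        if line == "no service password-recovery":
            recovery_disabled = True
            continue
        m = CRED_RE.search(line)
        if not m:
            continue
        ptype = m.group("type") or "0"         # no type digit: stored as typed
        issue = {"0": "cleartext", "7": "reversible-type7"}.get(ptype)
        if issue:                              # other types are treated as hashes
            # Never echo the credential itself into the report.
            findings.append((lineno, issue, line[:m.start("value")] + "<redacted>"))
    return findings, recovery_disabled


if __name__ == "__main__":
    found, disabled = audit(SAMPLE_CONFIG)
    for lineno, issue, text in found:
        print(f"line {lineno}: {issue}: {text}")
    print("password recovery disabled:", disabled)
```

Running the same check on configs pulled from routers before they are shelved shows which credentials would be exposed if the config were not erased first.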