Wednesday, July 10, 2013

Cisco Router: How To Secure Your Router Passwords

I know you can always put in the "service password-encryption" command in CLI, but trust me, it's not secure.  It's going to encrypt the passwords at level 7, which takes all of about 2 seconds to decrypt.  And look, here is what is going to happen to you one day.  I'm going to come in to your facility one day without you knowing it and I'm going to get into your demarc room, where I hope your router is.  Then, I'm going to break into your router and get your passwords that you probably use on all your network devices.  It won't take me more than 5 minutes to get this.  No, this won't be at your main site.  It will be at one of your remote sites.  And if you are unprepared, there won't be anything you can do about it.
So, if you want to keep your passwords secure (and you do), here is something you can do to protect them.

2911(config)#username testuser secret testuser  

Notice that the command above uses the keyword 'secret'.  That will encrypt your password to level 5.  That is what I prefer.  And I hope you do too.  When I do a show run, this is what I get:

 username testuser secret 5 $1$8xWJ$R1RHSdlGlKjkdtIirE9C0

Much better.  Notice the '5' after the keyword secret.  That means that for a while, you won't be able to decrypt it.
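To find which credentials in a saved configuration still use the weak form, here is a small audit script. It is an added example, not part of the original post: it flags 'password' entries stored as level 7 or in the clear, passes 'secret 5' entries, and redacts the values in its report. Except for the testuser line shown above, the sample configuration and the names audit, classify and SAMPLE_CONFIG are constructed for illustration.

```python
import re

# Constructed sample running-config (placeholder values, not from a real device).
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 1100BBCCDDEE
enable secret 5 $1$EXMP$CONSTRUCTEDplaceholder00
username admin password 7 0300AABBCCDD
username testuser secret 5 $1$8xWJ$R1RHSdlGlKjkdtIirE9C0
username backup password backup123
line vty 0 4
 password 7 0500CCDDEEFF
 login
"""

# Matches "... password|secret [type-digit] value" at the end of a config line.
# "service password-encryption" does not match: no whitespace follows "password".
CRED = re.compile(r"\b(password|secret)\s+(?:(\d)\s+)?(\S+)\s*$")

def classify(line):
    """Return (kind, redacted_line) for a credential line, or None."""
    m = CRED.search(line)
    if not m:
        return None
    keyword, ptype, _value = m.groups()
    redacted = line[:m.start(3)] + "<redacted>"  # never echo the credential
    if keyword == "secret":
        return ("secret-type-" + (ptype or "unspecified"), redacted)
    if ptype == "7":
        return ("reversible-type-7", redacted)
    if ptype in (None, "0"):
        return ("plaintext", redacted)
    return ("password-type-" + ptype, redacted)

def audit(config):
    """List (line_number, kind, redacted_line) for every weak 'password' entry."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        result = classify(line)
        if result and not result[0].startswith("secret-"):
            findings.append((n, result[0], result[1]))
    return findings

if __name__ == "__main__":
    for n, kind, text in audit(SAMPLE_CONFIG):
        print(f"line {n}: {kind}: {text.strip()}")
```

Each flagged line is a candidate for re-entering the credential with the 'secret' keyword, as in the username command above.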
