How to Configuring Password Encryption

This blog is created for network security review, study and understanding about network related issues only! The blog is mainly focus on Network Security Notes about Network, Network Security, Network Technology, Network Labs review related Cisco and Microsoft technology ,Network Threats, Types of Network Threats, Network Alerts, Enterprise Security Policy and Audits, Security Policy and Audits,Logical Security, Physical and Logical Security, Physical Security,Cisco Products Review, Microsoft Products review, Cisco Routers, Routers Security, Console Access, Telnet Access, Network Attack, Network Attack report, Network management, Anti-virus, Network Security with Anti-virus, and All About Network Security... Thanks for your visit!

As my previous post about How to Configure Privilege Levels for Users on Cisco Router.
Today this post I'd like to show you how to configure Password Encryption on Cisco Router.

Well, It's relatively simple to configure password encryption on Cisco routers. When password encryption is configured, all passwords that are configured on the router are converted to an unsophisticated reversible cipher. Although the algorithm that is used to convert the passwords is somewhat unsophisticated, it still serves a very good purpose. Intruders cannot simply view the password in plain text and know what the password is. To enable the use of password encryption, use the command service password−encryption.

The following example shows a router configuration prior to enabling password encryption. An enable password, a console password, and a Telnet password is configured:

CiscoRouter#show running−config
!
enable password Cisco
!
line con 0
password NetVisa
!
line vty 0 4
password Security
!

The following example shows the command you would use to enable password encryption on the router:

CiscoRouter#config t
Enter configuration commands, one per line. End with CNTL/Z.
CiscoRouter(config)#service password−encryption
CiscoRouter(config)#end
CiscoRouter#

The results of enabling password encryption can be seen in the following example. Notice that each
password is now represented by a string of letters and numbers, which represents the encrypted format of the password:

CiscoRouter#show running−config
!
enable password 7 05280F1C2243
!
line con 0
password 7 04750E12182E5E45001702
!
line vty 0 4
password 7 122A00140719051033
!

Note: Password encryption does not provide a very high level of security. There are widely available passwords crackers that can reverse the encryption. I do, however, recommend using the password encryption command on all routers. I also recommend that you take additional security measures to protect your passwords.

Read more...

If you like this post, please subscribe below,thanks!

Enter your email address:

Delivered by FeedBurner

Learn to Configure Enable Mode Security on Cisco Router

This blog is created for network security review, study and understanding about network related issues only! The blog is mainly focus on Network Security Notes about Network, Network Security, Network Technology, Network Labs review related Cisco and Microsoft technology ,Network Threats, Types of Network Threats, Network Alerts, Enterprise Security Policy and Audits, Security Policy and Audits,Logical Security, Physical and Logical Security, Physical Security,Cisco Products Review, Microsoft Products review, Cisco Routers, Routers Security, Console Access, Telnet Access, Network Attack, Network Attack report, Network management, Anti-virus, Network Security with Anti-virus, and All About Network Security... Thanks for your visit!

To configure enable mode access, you can use one of two commands: enable password or enable secret. Both commands accomplish the same thing, allowing access to enable mode. However, the enable secret command is considered to be more secure because it uses a one−way encryption scheme based on the MD5 hashing function. Only use the enable password command with older IOS images and/or boot ROMs that have no knowledge of the newer enable secret command.




You configure an enable password by entering the enable password command in global configuration mode:

CiscoRouter#config t
Enter configuration commands, one per line. End with CNTL/Z.
CiscoRouter(config)#enable password VisaGoogla
CiscoRouter(config)#end
CiscoRouter#

The preceding configuration sets the enable password to VisaGoogla. The result of setting the enable password can be seen in the following output. From the user mode prompt, you must enter the enable command to gain access into privileged mode:

CiscoRouter>enable
Password: VisaGoogla
CiscoRouter#

Note: After you enter the enable command, the password you type at the password prompt will not be displayed. Be sure to type the password exactly as it is configured in the enable password command.

You configure an enable secret password by entering the following command in global configuration mode:

CiscoRouter#config t
Enter configuration commands, one per line. End with CNTL/Z.
CiscoRouter(config)#enable secret VisaGooglaSec
CiscoRouter(config)#end
CiscoRouter#

The preceding configuration sets the enable secret password to VisaGooglaSec. The result of setting the enable secret password can be seen in the following output. From the user mode prompt, you must enter the enable command to gain access into privileged mode, as follows:

CiscoRouter>enable
Password: VisaGooglaSec
CiscoRouter#

Note: After you enter the enable command, the password you type at the password prompt will not be displayed. Be sure to type the password exactly as it is configured in the enable password command.

Note: For security reason, we recommend you to use "enable secret password", because the secret password uses MD5 hashing function to encrypt your password, so it is more secure than "enable password"!!!

Read more...

If you like this post, please subscribe below,thanks!

Enter your email address:

Delivered by FeedBurner

Configuring Password Encryption

This blog is created for network security review, study and understanding about network related issues only! The blog is mainly focus on Network Security Notes about Network, Network Security, Network Technology, Network Labs review related Cisco and Microsoft technology ,Network Threats, Types of Network Threats, Network Alerts, Enterprise Security Policy and Audits, Security Policy and Audits,Logical Security, Physical and Logical Security, Physical Security,Cisco Products Review, Microsoft Products review, Cisco Routers, Routers Security, Console Access, Telnet Access, Network Attack, Network Attack report, Network management, Anti-virus, Network Security with Anti-virus, and All About Network Security... Thanks for your visit!

All Cisco console and Telnet passwords configured on the router are stored in plain text within the configuration of the router by default, thus making them easily readable. If someone issues the show running−config privileged mode command, the password is displayed. Another instance when the password can easily be read is if you store your configurations on a TFTP server, the intruder only needs to gain access into the TFTP machine, after which the intruder can read the
configuration with a simple text editor. Password encryption stores passwords in an encrypted manner on the router. The encryption is applied to all configured passwords on the router.

Read more...

If you like this post, please subscribe below,thanks!

Enter your email address:

Delivered by FeedBurner