RE: Read Only Access For Telnet

From: Owens, Michael (Michael.Owens@xxxxxxx)
Date: Wed Aug 28 2002 - 12:50:34 GMT-3


   
The best way to solve this would be to use ACS with a TACACS+ database
utilizing AAA.

The quickest way is to just use the enable secret command.
The Cisco decryption programs will not decrypt passwords set with the enable
secret command. The enable password command should no longer be used. Use
the enable secret command for better security. The only instance in which
the enable password command might be tested is when the device is running in
a boot mode that does not support the enable secret command.

Enable secrets are hashed using the MD5 algorithm. As far as anyone at Cisco
knows, it is impossible to recover an enable secret based on the contents of
a configuration file (other than by obvious dictionary attacks).

Michael C. Owens

-----Original Message-----
From: Wright, Jeremy [mailto:JA_WRIGHT@admworld.com]
Sent: Wednesday, August 28, 2002 9:42 AM
To: 'security@groupstudy.com'
Cc: 'ccielab@groupstudy.com'
Subject: Read Only Access For Telnet

I have a remote location that needs read-only access to my router. I
know you can decrypt the encrypted password in the show run, and I want to
eliminate the possibility of them doing that. What is the best way to
accomplish this?

************************
Jeremy Wright
Network Analyst
Archer Daniels Midland
ja_wright@admworld.com
(217)451-4063

************************
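
An added example, not part of the original thread: a Python check that audits a saved IOS configuration for credentials a reader of `show run` could recover (cleartext or reversible type 7 `password` entries) and reports when an `enable password` is still configured beside an `enable secret`. The sample configuration, the function names and every value in it are constructed placeholders.

```python
import re

# Constructed sample config; every credential value is a placeholder.
SAMPLE_CONFIG = """\
hostname R1
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERPLACEHOLDER
enable password 7 PLACEHOLDER
username noc password 7 PLACEHOLDER
username audit secret 5 $1$PLACEHOLDER$PLACEHOLDERPLACEHOLDER
line vty 0 4
 password PLACEHOLDER
 login
"""

# enable / username X / bare line "password|secret", optional numeric type.
CRED_RE = re.compile(
    r"^\s*(?P<scope>enable|username\s+\S+)?\s*"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d+)\s+)?(?P<value>\S+)\s*$"
)

# (keyword, type) -> how the value is stored in the configuration text
STORAGE = {
    ("password", None): "cleartext", ("password", "0"): "cleartext",
    ("password", "7"): "reversible",  # recoverable from show run
    ("secret", "5"): "md5",  # one-way; dictionary guessing still applies
}

def audit(config):
    """Return (line number, credential kind, storage) per credential line."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        m = CRED_RE.match(line)
        if m:
            kind = f"{m['scope'] or 'line'} {m['kw']}"
            storage = STORAGE.get((m["kw"], m["type"]), "other")
            findings.append((n, kind, storage))
    return findings

def weak(findings):
    """Credentials a reader of the config could recover directly."""
    return [f for f in findings if f[2] in ("cleartext", "reversible")]

def leftover_enable_password(findings):
    """True when an enable password still sits beside an enable secret."""
    return {"enable password", "enable secret"} <= {f[1] for f in findings}

if __name__ == "__main__":
    found = audit(SAMPLE_CONFIG)
    print(weak(found), leftover_enable_password(found))
```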



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:40 GMT-3