From: Volkov, Dmitry (Toronto - BCE) (dmitry_volkov@xxxxxxxxx)
Date: Fri Aug 30 2002 - 08:45:52 GMT-3
> -----Original Message-----
> From: Graham, John [mailto:john.graham@cgey.com]
> Sent: Friday, August 30, 2002 5:11 AM
> To: 'Owens, Michael'; 'Wright, Jeremy'; 'security@groupstudy.com'
> Cc: 'ccielab@groupstudy.com'
> Subject: RE: Read Only Access For Telnet
>
>
> They obviously haven't done a web search then.
>
> http://www.kazmier.com/computer/cisco-noswing.html
!!!!! This decrypts only Level 7 passwords.
!!!!! This doesn't decrypt passwords encrypted with "enable secret" command
> -----Original Message-----
> From: Owens, Michael [mailto:Michael.Owens@FMR.COM]
> Sent: 28 August 2002 16:51
> To: 'Wright, Jeremy'; 'security@groupstudy.com'
> Cc: 'ccielab@groupstudy.com'
> Subject: RE: Read Only Access For Telnet
>
>
> The best way to solve this would be to use ACS with a TACACS+ database
> utilizing AAA.
>
> The quickest way is to just use the enable secret command. The Cisco
> decryption programs will not decrypt passwords set with the enable secret
> command. The enable password command should no longer be used. Use the
> enable secret command for better security. The only instance in which the
> enable password command might be tested is when the device is running in
> a boot mode that does not support the enable secret command.
>
> Enable secrets are hashed using the MD5 algorithm. As far as anyone at
> Cisco knows, it is impossible to recover an enable secret based on the
> contents of a configuration file (other than by obvious dictionary attacks).
>
> Michael C. Owens
>
> -----Original Message-----
> From: Wright, Jeremy [mailto:JA_WRIGHT@admworld.com]
> Sent: Wednesday, August 28, 2002 9:42 AM
> To: 'security@groupstudy.com'
> Cc: 'ccielab@groupstudy.com'
> Subject: Read Only Access For Telnet
>
>
> I have a remote location that is needing read only access to my router. I
> know you can decrypt the encrypted password in the show run and I want to
> eliminate the possibility of them doing that. What is the best way to
> accomplish this?
>
> ************************
> Jeremy Wright
> Network Analyst
> Archer Daniels Midland
> ja_wright@admworld.com
> (217)451-4063
>
> ************************
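
An added example, not part of the original thread: a small Python audit that sorts the credential lines of an IOS configuration by the storage types the thread distinguishes (Level 7 passwords versus MD5 enable secrets). The sample configuration, its placeholder values, and the names classify, audit and weak are assumptions made for illustration.

```python
import re

# Constructed sample config; credential values are placeholders, not real data.
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 TYPE7_PLACEHOLDER
enable secret 5 MD5_HASH_PLACEHOLDER
username readonly privilege 1 password 7 TYPE7_PLACEHOLDER
username admin secret 5 MD5_HASH_PLACEHOLDER
line vty 0 4
 password CLEARTEXT_PLACEHOLDER
 login
"""

# Matches "enable ...", "username X ..." and bare line-mode "password ..." forms.
CRED_RE = re.compile(
    r"^\s*(?P<owner>enable|username\s+\S+(?:\s+privilege\s+\d+)?)?\s*"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d+)\s+)?(?P<value>\S+)\s*$"
)

def classify(kw, type_):
    """Map a credential keyword and its type digit to how the value is stored."""
    if kw == "secret" and type_ == "5":
        return "md5-hash"      # one-way hash; only dictionary guessing applies
    if kw == "password" and type_ == "7":
        return "reversible"    # Level 7: recoverable from the config text
    if kw == "password" and type_ in (None, "0"):
        return "cleartext"     # stored exactly as typed
    return "unknown"

def audit(config):
    """Return (line_no, owner, storage) for each credential line in config."""
    findings, section = [], "global"
    for no, line in enumerate(config.splitlines(), 1):
        if line and not line[0].isspace():
            section = line.strip()   # remember the block, e.g. 'line vty 0 4'
        m = CRED_RE.match(line)
        if m:
            owner = m.group("owner") or section
            findings.append((no, owner, classify(m.group("kw"), m.group("type"))))
    return findings

def weak(config):
    """Credential lines that anyone able to read the config can recover."""
    return [f for f in audit(config) if f[2] != "md5-hash"]

if __name__ == "__main__":
    for no, owner, storage in audit(SAMPLE_CONFIG):
        print(f"line {no}: {owner}: {storage}")
```

Lines reported by weak() are the ones a reader of "show run" could turn back into a usable password; the md5-hash lines are the enable secret style the thread recommends.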
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:42 GMT-3