RE: question on 3550..

From: Kenneth Wygand (KWygand@customonline.com)
Date: Tue Jun 22 2004 - 17:19:11 GMT-3


Koen,

This doesn't work on the 3550s, as ROMMON is accessed through holding
the MODE button on the front of the switch while powering the switch up
(there is no electronic "break" sequence like the router which you can
use to disable this functionality).

Also, as a side note, even if you enable "no service password-recovery"
on a router, with physical access to the box, a perpetrator can still
open the box and short a specific set of pins with a jumper to reset
this back to the default of allowing the password-recovery
functionality. It's just another boulder in the road a perpetrator would
need to overcome, but without physical security, a network will not be
secure.

Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA,
Network+, A+
Custom Computer Specialists, Inc.
"The only unattainable goal is the one not attempted."
-Anonymous

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Koen Peetermans
Sent: Tuesday, June 22, 2004 4:12 PM
To: 'Cert'; ccielab@groupstudy.com
Subject: RE: question on 3550..

no service password-recovery

Don't know if it exists on a Cat3550 but sure does on a router.....

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Cert
Sent: Tuesday, June 22, 2004 22:05
To: ccielab@groupstudy.com
Subject: question on 3550..

Hi,
How do I restrict someone from performing a password recovery on a 3550?
Let's assume that the person has physical access to the switch.
Thanks for your help..
-Cert


