RE: question on 3550..

From: Shibu Nair (shinair@cisco.com)
Date: Tue Jun 22 2004 - 17:49:31 GMT-3


I think the 3550 supports password-recovery.
http://www/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a0080115dc9.html#45131

With password recovery disabled, you can still interrupt the boot process
and change the password, but the configuration file (config.text) and the
VLAN database file (vlan.dat) are deleted.

Kind of contradicting, but definitely a security add...
So maybe this is what they are looking for...
Regards
Shibu
At 04:19 PM 6/22/2004 -0400, Kenneth Wygand wrote:
>Koen,
>
>This doesn't work on the 3550's, as ROMMON is accessed through holding
>the MODE button on the front of the switch while powering the switch up
>(there is no electronic "break" sequence like the router which you can
>use to disable this functionality).
>
>Also, as a side note, even if you enable "no service password-recovery"
>on a router, with physical access to the box, a perpetrator can still
>open the box and short a specific set of pins with a jumper to reset
>this back to the default of allowing the password-recovery
>functionality. It's just another boulder in the road a perpetrator would
>need to overcome, but without physical security, a network will not be
>secure.
>
>Kenneth E. Wygand
>Systems Engineer, Project Services
>CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA,
>Network+, A+
>Custom Computer Specialists, Inc.
>"The only unattainable goal is the one not attempted."
>-Anonymous
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Koen Peetermans
>Sent: Tuesday, June 22, 2004 4:12 PM
>To: 'Cert'; ccielab@groupstudy.com
>Subject: RE: question on 3550..
>
>no service password-recovery
>
>Don't know if it exists on a Cat3550 but sure does on a router.....
>
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Cert
>Sent: Tuesday 22 June 2004 22:05
>To: ccielab@groupstudy.com
>Subject: question on 3550..
>
>Hi,
>how do I restrict someone from performing a password recovery on 3550 &
>let's assume that the person has physical access to the switch.
>Thanks for your help..
>-Cert
>
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>http://shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:47 GMT-3