North American Network Operators Group
Re: Cisco, haven't we learned anything? (technician reset)
- From: John Kinsella
- Date: Thu Jan 12 14:00:37 2006
I've been pretty happy with Cisco ACS - fairly solid, good reporting,
once set up it seems to Just Work.
On Thu, Jan 12, 2006 at 11:00:10AM -0800, Bill Nash wrote:
> Just as an offshoot discussion, what's the state-of-the-art for AAA
> services? We use a modified tacacs server for multi-factor
> authentication, and are moving towards a model that supports
> single-use/rapid expiration passwords, with strict control over when and
> how local/emergency authentication can be used.
> I'd be interested in that discussion, on or offlist.
> - billn
> On Thu, 12 Jan 2006, Rob Thomas wrote:
> >Hi, NANOGers.
> >] On the other hand, the most common practice to hack routers today, is
> >] still to try and access the devices with the notoriously famous default
> >] login/password for Cisco devices: cisco/cisco.
> >This is NOT a default password in the IOS. The use of "cisco" as
> >the access and enable passwords is a common practice by users, but
> >it isn't bundled in the IOS. I've heard it began in training
> >classes, where students were taught to use "cisco" as the
> >Oh, and for those of you who think it mad leet to use "c1sc0" as
> >your access and enable passwords, the miscreants are on to that as
> >well. ;)
> >We've seen large, massively peered and backbone routers owned
> >through this same technique. We've even seen folks who have
> >switched to Juniper, yet continue to use "cisco" as the login and
> >password. :(
> >The nice thing about cooking up blame is that there is always
> >enough to serve everyone.
> >Rob Thomas
> >Team Cymru
> >ASSERT(coffee != empty);