Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco, haven't we learned anything? (technician reset)

  • From: John Kinsella
  • Date: Thu Jan 12 14:00:37 2006

I've been pretty happy with Cisco ACS - fairly solid, good reporting,
once set up it seems to Just Work.

John

On Thu, Jan 12, 2006 at 11:00:10AM -0800, Bill Nash wrote:
> 
> 
> Just as an offshoot discussion, what's the state-of-the-art for AAA 
> services? We use an modified tacacs server for multi-factor 
> authentication, and are moving towards a model that supports 
> single-use/rapid expiration passwords, with strict control over when and 
> how local/emergency authentication can be used.
> 
> I'd be interested in that discussion, on or offlist.
> 
> - billn
> 
> On Thu, 12 Jan 2006, Rob Thomas wrote:
> 
> >
> >Hi, NANOGers.
> >
> >] On the other hand, the most common practice to hack routers today, is
> >] still to try and access the devices with the notoriously famous default
> >] login/password for Cisco devices: cisco/cisco.
> >
> >This is NOT a default password in the IOS.  The use of "cisco" as
> >the access and enable passwords is a common practice by users, but
> >it isn't bundled in the IOS.  I've heard it began in training
> >classes, where students were taught to use "cisco" as the
> >passwords.
> >
> >Oh, and for those of you who think it mad leet to use "c1sc0" as
> >your access and enable passwords, the miscreants are on to that as
> >well.  ;)
> >
> >We've seen large, massively peered and backbone routers owned
> >through this same technique.  We've even seen folks who have
> >switched to Juniper, yet continue to use "cisco" as the login and
> >password.  :(
> >
> >The nice thing about cooking up blame is that there is always
> >enough to serve everyone.
> >
> >Thanks,
> >Rob.
> >-- 
> >Rob Thomas
> >Team Cymru
> >http://www.cymru.com/
> >ASSERT(coffee != empty);
> >




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.