3.5 Device Passwords Flashcards

1
Q

Secure privileged exec access

A

Description:
The password that restricts access to privileged exec mode is the most important password that you will set. This can be accomplished using the enable secret global configuration command with the password variable.

Example:
Device> enable
Device# configure terminal
Device(config)# enable secret class
Device(config)# exit
Device# disable
Device> enable
Password: Password
Device#

2
Q

Secure user exec access

A

Description:
The exec mode password controls the ability to switch to configuration modes. There are two passwords that can be used. The enable password is stored in clear text in the config file. The enable secret password is encrypted and stored in the config file. To secure user exec access, the console port needs to be configured properly.

Example:
Device(config)# line console 0
Device(config-line)# password cisco
Device(config-line)# login
Device(config-line)# exit
Device(config)#

3
Q

Secure remote Telnet access

A

Description:
Virtual terminal (VTY) passwords control the ability to log onto the device using a virtual terminal connection. VTY provides remote access to the device. VTY lines should be secured. Most Cisco devices support up to 16 VTY lines. These lines are numbered 0 to 15.
Access to the console through a Telnet session is controlled by the login and the password entries. To prevent VTY access, there must be a login entry without a password set. Access is allowed based on the following conditions:

No login, no password. Access is allowed without a password.
Login, no password. Access is denied. The error message indicates that a password is required but none is set.
No login, password. Access is allowed without a password.
Login, password. Access is allowed only with the correct password.

Example:
Device(config)# line vty 0 15
Device(config-line)# password cisco
Device(config-line)# login
Device(config-line)# exit
Device(config)#

4
Q

Router(config)# enable secret password

A

Sets the encrypted password used for privileged mode access. The enable secret should always be used if it exists.

5
Q

Router(config)# enable password password

A

Sets the unencrypted password for privileged mode access. This password is used if enable secret is not set.

6
Q

Router(config)# Line console interface

A

This global config command allows a user to enter console configuration mode. The zero identifies the console interface (usually there is only one).

7
Q

Router(config)# Line vty vty line [0-15]

A

This global config command allows a user to enter line VTY mode.

8
Q

Router(config-line)# Login

A

VTY access can be enabled using the login command.

9
Q

Router(config-line)# no enable secret
Router(config-line)# no enable password
Router(config-line)# no login
Router(config-line)# no password

A

Removes the password. The no login command disables password checking.

10
Q

service password-encryption

A

It is important to note that the startup-config and running-config files show passwords in plain text. Because of this, you should encrypt your passwords using the global configuration service password-encryption command. This command provides a basic level of encryption to all unencrypted passwords within the config file. Note that these passwords are only lightly encrypted and can be easily broken. However, they do provide some level of security from someone looking over your shoulder. Rather than relying on this encryption, make sure to use the enable secret command for better encryption.

11
Q

Password Requirements

A

Implement the following requirements for passwords.

  • Do not use the same password for all devices.
  • Do not use the same password for both your enable and enable secret passwords.
  • Passwords should be more than 8 characters long.
  • Common words should not be used in passwords.
  • Use a combination of letters, numbers, and symbols.
12
Q

do show run

A

Reveals passwords (does not show if passwords are encrypted).
