Professional Documents
Culture Documents
Lec 10
Lec 10
Password Setting
& Configuring a banner
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 1
The types of passwords used in securing a
CISCO router
Passwords are the first line of defense for securing Cisco Routers.
There are five password types that can be configured on a Cisco Router:
Privileged Level Passwords (Privilege EXEC)
Enable Password (not encrypted)
Enable Secret Password (encrypted password)
Console Line Password
VTY Lines Password
Auxiliary (AUX) Line Password
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 2
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 3
Configuring a Router Password
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 4
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 5
User password (console password )
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 6
Privileged password
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 7
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 8
Encrypting Passwords
NOTES:
To encrypt local router passwords, use the service password-
encryption command in global configuration mode as shown above.
By default, IOS does not encrypt passwords. Encrypting passwords
in this way helps to minimize the risk of password sniffing.
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 9
Service password-encryption
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 10
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 11
Enable Secret
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 12
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 13
How to configure Cisco IOS Banners
Different Banners
Cisco IOS routers support a number of banners, here they are:
MOTD banner: the “message of the day” banner is
presented to everyone that connects to the router.
Login banner: this one is displayed just before the
authentication prompt.
Exec banner: displayed before the user sees the exec
prompt.
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 14
MOTD Banner
We’ll start with the message of the day banner that will be
presented to anyone accessing the router:
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 15
Login banner
R1(config)#banner login $ Authenticate yourself! $
Exec banner
R1(config)# banner exec # You are connected to line $(line)
at router $(hostname) #
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 16
Remote Access
Telnet
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 1
Steps
Reachability (IP)
Security
Privileged Level Passwords
Enable Password (not encrypted)
Enable Secret Password (encrypted password)
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 2
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 3
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 4
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 5
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 6
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 7
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 8
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 9
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 10
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 11
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 12
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 13
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 14
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 15
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 16
Wireshark Packet Sniffing Usernames
and Passwords
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 17
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 18
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 19