Configuring passwords and securing devices is very important; we must configure passwords on the different lines to prevent unauthorized access to the device.
Due to the increased number of cyber attacks, networks nowadays are more prone to online attacks than to physical damage to the devices, and hackers continuously try to find loopholes in the network to compromise its security. Every year organizations lose thousands of dollars due to cyber attacks, and sometimes important data is lost permanently. The internet is the source of most of these attacks, and most of them can be prevented if security is properly implemented at every layer.
There are various types of devices available on the market to stop these attacks, such as advanced firewalls, intrusion prevention systems, antivirus, etc. However, we should not ignore basic security measures like setting a good password on the device. Organizations spend large amounts of money on expensive hardware to secure their networks, but that is of no use if security is not implemented at every layer.
In this lab, we will encrypt all the passwords on the device with one command.
When we configure passwords such as the privileged mode password, VTY line password, console line password, etc. on our Cisco devices, these passwords are visible as clear text in the running config. This is a security vulnerability, since anyone can read them just by looking at the running config or startup config. Even when you are checking the Cisco device configuration, someone could be watching over your shoulder. To fix this problem, we can use the command 'service password-encryption'. This command encrypts all passwords and converts them into alphanumeric strings. Hence, we can use this command to store and display the passwords in encrypted form for added security.
The service password-encryption command encrypts the passwords so that no one can figure out or steal a password just by looking at it. However, it does not provide complete protection: someone can easily copy the encrypted password from the running or startup config and recover the original password by decrypting it, and there are sites available online that decrypt such a password with just one click. We must therefore use enable secret, which uses an MD5 hash to protect the password; this is very strong protection, and it is not easy to reverse engineer the hash.
Although password encryption should be enabled by default, it is not, so we have to encrypt the passwords manually.
Lab tasks
- Set encrypted privileged level password to cisco
- Encrypt all passwords
Lab Configuration
Task 1
Router(config)#enable secret cisco
Task 2
Router(config)#service password-encryption
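To check the result of the lab on a saved copy of the configuration, the following added example (not part of the original lab) scans config text for passwords stored in clear text or in the reversible type 7 form, and for a missing enable secret or service password-encryption line. The sample config, its placeholder type 7 string, and the function name audit_config are constructed for illustration.

```python
import re

# Constructed running-config excerpt; the type 7 string is a placeholder.
SAMPLE_CONFIG = """\
hostname Router
no service password-encryption
enable password cisco
line con 0
 password cisco
 login
line vty 0 4
 password 7 00112233445566
 login
"""

# Matches "enable password", line "password" and "username X password" entries,
# with an optional type digit (0 = clear text, 7 = reversible encryption).
PASSWORD_RE = re.compile(
    r"^\s*(?P<kind>enable password|username \S+ password|password)"
    r"(?: level \d+)?\s+(?:(?P<type>[07])\s+)?(?P<value>\S+)\s*$"
)


def audit_config(text):
    """Return (line_number, finding) tuples; line 0 means a global finding."""
    findings = []
    lines = text.splitlines()
    stripped = [line.strip() for line in lines]
    # "no service password-encryption" must not count as enabled.
    if "service password-encryption" not in stripped:
        findings.append((0, "service password-encryption is not enabled"))
    if not any(line.startswith("enable secret ") for line in stripped):
        findings.append((0, "no enable secret configured"))
    for number, line in enumerate(lines, start=1):
        match = PASSWORD_RE.match(line)
        if not match:
            continue
        if match.group("type") == "7":
            findings.append((number, f"{match.group('kind')}: type 7, reversible"))
        else:
            findings.append((number, f"{match.group('kind')}: stored in clear text"))
    return findings


if __name__ == "__main__":
    for number, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```

Type 7 entries are still reported after service password-encryption is enabled, because that form can be decrypted as described above; only the enable secret hash is treated as acceptable.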