When we configure passwords like Privileged Mode password, VTY line password, Console line password, etc. on our Cisco devices, these passwords are visible as a clear text in the running config. This is a security vulnerability since anyone can view them just by looking at the running config or start up config. Even when you are checking the Cisco device configuration, someone could be watching over your shoulder. To fix this problem, we could use a command known as the ‘service password-encryption’. This command encrypts all passwords and converts them into the alphanumeric number. Hence, we can use this command to store and display the passwords in encrypted form for added security.

 

Lab tasks

  1. Set encrypted privileged level password to cisco
  2. Encrypt all passwords

Lab Configuration

Task 1

Router(config)#enable secret cisco

Task 2

Router(config)#service password encryption