You can't. If a knowledgable person has physical access to your network device, they can recover the passwords and 'own' it. The best you can do is log accesses and events remotely so you will know if the system has been compromised.
You mite want to check this link for disabling the same..
you can do it with no service password-recovery command in the global config mode..
but i dont suggest to do something inline with that..
thank u for your recommendations ,
no knowlgable person is gonna hae access to router,
and i think they only know basic key combinations for entering rommon , the only thing i need to do is to disbla break and Ctrl+break key combination .
and by the way the link you offered requires a previledged cco account and unfortunatly i don't have one .
sorry about the link ...
do check this one...
i have just been checking the link u offered
when i tried to test the command (no service password-encryption) i foun out that the router does not support it .
the router that i am testing the command on , is a 3620 router , but the router that i want to disable password recovery is a 3745 router with its default ios , i wanna know if the 3745 router supports the command or not .
Its well mentioned in the link sent by me...
Cisco 2691, 3631, 3725, and 3745 Routersno minimum ROMMON or Cisco IOS® software requirements
Cisco 3600 Series Routersminimum ROMMON version 11.1(17)AA (orderable as BOOT-3600=) Minimum Cisco IOS Software Release 11.2(12)P or 11.3(3)T
Cisco 2600 Series Routersall ROMMON and Cisco IOS software versions
Cisco 1700 Series Routersrequires minimum ROMMON 12.1(5r)T1. This is not orderable as a spare, so you cannot upgrade an existing 1720 or 1750. All 1710, and 1751 routers have this ROMMON.
Again its no service password-recovery not password-encryption...
Thank u very much
i realy do appreciate your help
i have got one more question ,is it possible to disable the console port so it does not respond to any connection even during startup ?
Console access is very much reqd to troubleshoot or diagnoise booting issues or issues during startup.
AFAIK i dont think its possible to disable during the startup and its not a wise decision to do so.
Better i would suggest to configure with non guessable passwds to secure the access..
the reason that makes me do such a thing is, not to let anybody have access to router rommon ,
if there is any other solution preventing users from accessing rommon and changing config register, i would prefer that way .
Do check this link for more info in securing your router..