Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Would like to know

Some one post this question on the board I am reposting it here so we can get some thoughts from very experinced guys like you,here we go:

"I have a question for you guys. I have been giving some thought about the configuration register and password recovery. It sure sounds to me that it is an easy thing to do to change your secret password if you forget it. Which means ultimately, is there any real security? Maybe Im misunderstanding, but it seems to me that if I had a malicious user within the company I work for, and they actually have PHYSICAL access to the server room (where the router would be), AND IF THEY KNEW HOW TO DO THIS, that this could be a real problem. Am I misunderstanding this? Because the way I understand it is that you can cause a break during a reboot of the router, change the configuration register to bypass startup-config (NVRAM), and then reset the secret password. Again, change the configuration register and reload. Now if someone knew this that was malicious, I (or you for that matter) could be up the creek in poo poo. Anyone have any comments OR please do correct me if my thinking is off base. Thanks in advance."

  • Other Security Subjects
New Member

Re: Would like to know

That is is a pretty well known 'exploit' if you want to call it that, but the only thing you can do is be sure that only trusted individuals have physical access to the equipment. There are other things you can do to try to stay aware of your equipments status. If you have a network management system in place, and someone rebooted your router, you could be alerted via email or pager or whatever. This would at least give you some indication that something out of the ordinary is going on...