Cisco 857W - Integrated Services Router Technical Information download pdf (Page 15)

90 Chapter 3: Defending the Perimeter

The enable secret password appears in the running conﬁguration as an MD5 hash value.

However, the console, auxiliary, and vty line passwords appear in the running conﬁguration

as plain text, as shown in Example 3-5.

To better secure these passwords, a password encryption service can be enabled on the

router. This service uses a Cisco-proprietary algorithm that is based on a Vigenere cipher.

This algorithm is far from secure. Its password can be easily compromised with

downloadable utilities freely available on the Internet (such as the GetPass utility from

Boson Software). However, enabling the password encryption service does help prevent

someone from obtaining a password from the casual inspection of a router’s conﬁguration.

The password encryption service is enabled in global conﬁguration mode using the service

password-encryption command. After enabling this service, the console, auxiliary, and

vty line passwords appear in an encrypted format. The 7 that appears after the password

command indicates that the password has been encrypted using this Cisco-proprietary

encryption algorithm, as shown in Example 3-6.

Example 3-5 Line Passwords Appearing in Plain Text

R1# ss

line con 0

password 1mA$3cr3t

line aux 0

password @uxP@$$w0rd

line vty 0 4

password MyP@$$w0rd

Example 3-6 Cisco-Proprietary Password Encryption Results

R1(config)# ss

R1# ss

line con 0

password 7 091D43285D5614005818

line aux 0

password 7 06261A397C6E4D5D1247000F

line vty 0 4

password 7 09615739394153055B1E00

1 ... 14 15 16 ... 34

No comments

Cisco 857W - Integrated Services Router Technical Information Page 15