UNCLASSIFIED
Implementing Security on Cisco Routers
Version 1.0g
Step 4 View or change the password, or erase the configuration.
Step 5 Reconfigure the router to boot up and read the NVRAM as it normally does.
Step 6 Reboot the system. [1]
Anyone with experience or training using Cisco routers can parlay physical access
into full privileged administrative access on a Cisco router; the procedure takes only a
couple of minutes. (Note: Step 5 is very important; if you need to use the password
recovery procedure for any reason, do not neglect to restore the system boot settings
after regaining access to the router. Failure to do so will usually result in the router
coming up in an insecure state on subsequent reboots.)
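One way to catch a router left in the state the note above warns about, as an added check that is not part of this guide: the last line of IOS `show version` reports the configuration register, and bit 0x0040 of that register tells IOS to ignore the startup configuration in NVRAM (password recovery sets it; Step 5 clears it). The sample output lines and router names below are constructed for illustration.

```python
import re

# Bit 6 (0x0040) of the IOS configuration register = "ignore NVRAM contents".
# Password recovery sets this bit; Step 5 of the procedure must clear it again.
IGNORE_NVRAM_BIT = 0x0040

# Constructed sample: the final line of "show version" from three routers.
# These names and values are illustrative, not captured from real devices.
SHOW_VERSION_TAILS = {
    "rtr-core-1": "Configuration register is 0x2102",
    "rtr-edge-2": "Configuration register is 0x2142",
    "rtr-edge-3": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
}

# IOS prints the pending value in parentheses when it was changed but the
# router has not yet reloaded; that optional group is captured separately.
_CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def parse_confreg(line):
    """Return (current, next_reload) register values, or None if not found."""
    m = _CONFREG_RE.search(line)
    if not m:
        return None
    current = int(m.group(1), 16)
    nxt = int(m.group(2), 16) if m.group(2) else current
    return current, nxt


def ignores_nvram_on_reload(line):
    """True if the next boot will skip NVRAM, i.e. Step 5 was not completed."""
    parsed = parse_confreg(line)
    if parsed is None:
        raise ValueError("no configuration register line in output")
    _, nxt = parsed
    return bool(nxt & IGNORE_NVRAM_BIT)


def audit(tails):
    """Return the sorted names of routers whose next reload ignores NVRAM."""
    return sorted(n for n, line in tails.items() if ignores_nvram_on_reload(line))


if __name__ == "__main__":
    for name in audit(SHOW_VERSION_TAILS):
        print(f"{name}: next reload will ignore NVRAM; restore the boot settings")
```

A router whose pending value is already 0x2102 is not flagged, since Step 5 has been done and only the reboot of Step 6 remains.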
A second reason for controlling physical access to the router involves flash memory
cards. Many Cisco router models offer PCMCIA slots that can hold additional flash
memory. Routers equipped with these kinds of slots will give preference to memory
installed in a slot over memory installed in the chassis. An attacker with physical
access to a router on your network can install a flash memory card, or replace an old
one. They could then boot the router with their flash, thus causing the router to run
their IOS version and configuration. If done carefully and well, this kind of attack
can be very difficult to detect. The best defense against it is good physical security.
An operational security concern closely related to physical security is physical
operating environment. Like most networking equipment, routers are sensitive to
extreme temperature and humidity. If a router is not located in an environmentally
friendly area then it may operate in unexpected ways and degrade its security. This is
also a personnel safety issue. A room where routers are located should be free of
electrostatic and magnetic interference. The area should also be controlled for
temperature and humidity. If at all possible, all routers should be placed on an
Uninterruptible Power Supply (UPS), because a short power outage can leave some
network equipment in undetermined states.
The console (con) and auxiliary (aux) ports on Cisco routers are used for serial
connections to the router. Most Cisco routers have both a console and an auxiliary
port; some of the smallest models have only a console port. The primary difference
between the two ports is that the password recovery mechanism can be used on the
console port only. In many cases, the auxiliary port is unused. Some administrators
connect a modem to the auxiliary port to facilitate remote administration via dial-up.
Permitting direct dial-in to any vital piece of network infrastructure is potentially
very risky, and should be set up only when timely access by other means is not
feasible. In general, the auxiliary port should be disabled (see Section 4.1.3).
[1] Cisco IOS Release 12.0 Security Configuration Guide, Configuring Passwords and
Privileges, Password Recovery Process, Cisco Systems, 1999.