Re: comments
Dan Hollis wrote:
On Fri, 13 Jun 2003, Smith, Donald wrote:
But for example the Cisco default has been WELL documented for a long time.
In fact there isn't a default password in most Cisco routers.
What I mean in regard to default password is for default password on
public interfaces (eg serial, ethernet). Default password on management
ports (eg console port) is OK. But we should discourage plugging in a
router with default password on ethernet, so that it gets owned 10
seconds after connecting it to the LAN.
Maybe a 'vendor devices MUST NOT have a common default password on any
public interface'? It's OK if they have random passwords that are e.g.
printed on a card that comes with the device.
How about the following, which I think is the way IOS works by default now:
Requirement:
The device MUST NOT allow any remote access for management without
explicit configuration of authentication and authorization.
Example:
It should not be possible to use a well-known default password to remotely
manage a newly installed device using standard management protocols
(telnet, SNMP, SSH ...).
---George
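
One way to check a configuration against the requirement proposed above, as an added example that is not part of the original message. It assumes a simplified subset of IOS-style syntax; the function name `audit`, the community list and both sample configurations are constructed for illustration.

```python
import re

# Assumption: community strings commonly shipped as defaults.
WELL_KNOWN_COMMUNITIES = {"public", "private"}

def audit(config: str) -> list[str]:
    """Flag remote management that works without explicitly configured auth."""
    findings = []
    blocks = {}      # 'line vty ...' header -> list of its sub-commands
    current = None   # header of the vty block being read, if any
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                      # blank line or comment
        if raw[0].isspace():              # indented: belongs to the open block
            if current is not None:
                blocks[current].append(line)
            continue
        current = None                    # a top-level command closes the block
        if line.startswith("line vty"):
            current = line
            blocks[current] = []
        m = re.match(r"snmp-server community (\S+)", line)
        if m and m.group(1).lower() in WELL_KNOWN_COMMUNITIES:
            findings.append(f"snmp: well-known community '{m.group(1)}'")
    for name, cmds in blocks.items():
        if "transport input none" in cmds:
            continue                      # remote access disabled on these lines
        if "no login" in cmds:            # sessions accepted with no password check
            findings.append(f"{name}: remote access with no authentication")
    return findings

# Constructed sample: violates the requirement on SNMP and telnet.
UNSAFE = """\
hostname lab-router
snmp-server community public RO
line vty 0 4
 no login
 transport input telnet
"""

# Constructed sample: authentication configured, unused lines closed off.
SAFE = """\
hostname lab-router
snmp-server community n0t-a-default RO
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 no login
 transport input none
"""
```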