Physically limiting access to network devices by placing them in closets and locked racks is good practice; however, passwords are the primary defense against unauthorized access to network devices. Every device, even home routers, should have locally configured passwords to limit access. Later, we will show how to strengthen security by requiring a username along with a password. For now, we will present basic security precautions using only passwords.
As discussed previously, the IOS uses hierarchical modes to help with device security. As part of this security enforcement, the IOS can accept several passwords to allow different access privileges to the device.
The passwords introduced here are:
- Enable password - Limits access to the privileged EXEC mode
- Enable secret - Encrypted, limits access to the privileged EXEC mode
- Console password - Limits device access using the console connection
- VTY password - Limits device access over Telnet
As good practice, use different authentication passwords for each of these levels of access. Although logging in with multiple and different passwords is inconvenient, it is a necessary precaution to properly protect the network infrastructure from unauthorized access.
Additionally, use strong passwords that are not easily guessed. The use of weak or easily guessed passwords continues to be a security issue in many facets of the business world.
Consider these key points when choosing passwords:
- Use passwords that are more than 8 characters in length.
- Use a combination of uppercase and lowercase letters, numbers, special characters, and/or numeric sequences in passwords.
- Avoid using the same password for all devices.
- Avoid using common words such as password or administrator, because these are easily guessed.
Note: In most of the labs in this course, we will be using simple passwords such as cisco or class. These passwords are considered weak and easily guessable and should be avoided in a work environment. We only use these passwords for convenience in a classroom setting or to illustrate configuration examples.
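The key points above can be checked before a configuration is applied. The following Python sketch is an added example, not part of the course material: it reads candidate IOS commands as typed (plaintext passwords) and reports passwords that break the key points or are reused across the four access levels. The function names, the sample commands and the three-character-class threshold are assumptions made for illustration.

```python
import re
from itertools import combinations

# Words the page names as easily guessed, including its own lab passwords.
COMMON_WORDS = ("password", "administrator", "cisco", "class")

def parse_passwords(config):
    """Return {access level: plaintext password} from typed IOS commands."""
    found, context = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"enable (password|secret) (\S+)", line):
            found["enable " + m.group(1)] = m.group(2)
        elif line.startswith("line "):  # console and vty lines only
            context = {"con": "console", "vty": "vty"}.get(line.split()[1][:3])
        elif (m := re.fullmatch(r"password (\S+)", line)) and context:
            found[context] = m.group(1)
    return found

def weaknesses(pw):
    """Check one password against the key points listed above."""
    issues = []
    if len(pw) <= 8:
        issues.append("not more than 8 characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, pw)) for c in classes) < 3:  # assumed threshold
        issues.append("too few character classes")
    if any(word in pw.lower() for word in COMMON_WORDS):
        issues.append("contains a common word")
    return issues

def audit(config):
    """Return sorted findings: per-level weaknesses plus reuse across levels."""
    pws = parse_passwords(config)
    findings = [f"{lvl}: {i}" for lvl, pw in pws.items() for i in weaknesses(pw)]
    for a, b in combinations(sorted(pws), 2):
        if pws[a] == pws[b]:
            findings.append(f"{a} and {b}: same password")
    return sorted(findings)

# Constructed sample: candidate commands as typed, not taken from a real device.
SAMPLE = """\
enable password cisco
enable secret Rt9!vexLomb2
line console 0
 password class
line vty 0 4
 password class
"""
print("\n".join(audit(SAMPLE)))
```

The check only works on passwords that are still in plaintext, so it belongs in a review step before the commands are entered on the device.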