
disabling "reset to factory default"

Sirs

For security reasons, I'd like to disable the possibility to perform both the "password recovery" and the "reset to factory default" (hardware and software) procedures.

 

More specifically, I'd like to configure my switch/router in order to completely "brick" it if you don't know any of the "legal" passwords.

In this manner, I'd like to

1) prevent the theft of the equipment (making it useless)

2) prevent attacks on my network performed using "legal" hardware equipment that has been re-configured in a malicious way (by means of a factory reset and a subsequent "bad" configuration)

I know that I can use 

1) the "no setup express" command

2) the "no password recovery" command

 

Is that sufficient? Is there any additional parameter's configuration allowing my desired behaviour?

 

Thanks in advance

Have a nice day

Daniele

4 Replies

Leo Laohoo
Hall of Fame

the "no password recovery" command

This won't work. 

Anyone (if one knows how to find it) can bypass this (I know I can).  

A lot of people would enable this command and then sell their Cisco kit into the market hoping to get the buyer into strife (or getting more money just to give the password).  

Many thanks Leo for your answer (I agree with your last comment)

In my business case (large server room, with hundreds of different pieces of equipment owned by tens of different stakeholders) I mainly have to avoid that the hardware reset button is pushed by mistake (or intentionally), performing an "out of order" attack.

...and that someone (by mistake or intentionally) changes the "master" passwords...

I forgot to mention that I also use the "FIPS compliant" option

Look, if the problem is all about unauthorized people gaining access to your routers and switches, then the answer doesn't lie entirely on them.  Secure TACACS server, robust password policy and layers of ACLs will keep them secure.

However, all this doesn't guarantee someone making a mistake.  And this alone doesn't guarantee that a disgruntled staff doesn't remote access in to wreak havoc.

Tx for your very precise answer.

...unfortunately, it seems that there is no way to disable the "reset" button...

Up to now, this is my major concern.

Have a nice day

Daniele