How do I protect your vro password?

Source: Internet
Author: User
Tags md5 hash password protection strong password

How to Prevent hackers from accessing the vro password?

Q: How can I change the vro password? What are the best practices for defending against vro password attacks?

A: The two basic rules for protecting the vro password are: always change the newVroThe default password of and only log on to the vro through secure and encrypted connections.

Hackers not only know all the default passwords of common vrouters on the market, but also upload these passwords to the website. If you think this is not the first step for them to attack the vro, do not change the default password and check what will happen.

And, of course, use a strong password-it cannot be a dictionary word, it must be at least eight characters long, including uppercase and lowercase letters and numbers. Also, make sure that different passwords are used on different systems. If you use the same password on the network, it will be attacked. What then? The entire network is under attack.

For encrypted connections, you can only use SSH and other protocols. It can create secure router connections. Protocols and services such as Telnet and TFTP are not encrypted, so they are vulnerable to attacks. A bad thing on the vro is that the user ID and password can be transmitted in plain text, and can be easily detected.

Cisco Router password protection

On the other hand, Cisco IOS has two methods to encrypt passwords in the configuration file, which are stored on the vro. Cisco can store passwords in configuration files in three ways: inscriptions, Vignere encryption, and MD5 hashing algorithms. Vignere is a slightly weaker encryption algorithm than MD5, but unlike MD5, Vignere is reversible, that is, it can be cracked.

A Cisco router uses three cryptographic commands: Service password encryption, activation password, and activation secret. The first method is Vignere encryption, and the other two are MD5 hash encryption. Activating a secret command is a newer feature in Cisco routers and is more powerful than activating a password. The activation PASSWORD command can only maintain backward compatibility, while the service password encryption is weak, but some old network protocols still need its compatibility.

These commands can also allow passwords to be set and encrypted at different access levels, depending on the permissions assigned to employees by the Administrator.

If possible, use the Cisco encryption command to protect the vro password. There are a large number of detailed documents on Cisco's website. If you are using other brands of routers, you must stick to SSH or other encrypted connections.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.