Q: How can I change the vro password? What are the best practices for defending against vro password attacks?
A: There are two basic rules for protecting the vro password: always change the default password of the new vro and log on to the vro only through secure and encrypted connections.
Hackers not only know all the default passwords of common vrouters on the market, but also upload these passwords to the website. If you think this is not the first step for them to attack the vro, do not change the default password and check what will happen.
And, of course, use a strong password-it cannot be a dictionary word, it must be at least eight characters long, including uppercase and lowercase letters and numbers. Also, make sure that different passwords are used on different systems. If you use the same password on the network, it will be attacked. What then? The entire network is under attack.
For encrypted connections, you can only use SSH and other protocols. It can create secure router connections. Protocols and services such as Telnet and TFTP are not encrypted, so they are vulnerable to attacks. A bad thing on the vro is that the user ID and password can be transmitted in plain text, and can be easily detected.
Cisco Router password protection
On the other hand, Cisco IOS has two methods to encrypt passwords in the configuration file, which are stored on the vro. Cisco can store passwords in configuration files in three ways: inscriptions, Vignere encryption, and MD5 hashing algorithms. Vignere is a slightly weaker encryption algorithm than MD5, but unlike MD5, Vignere is reversible, that is, it can be cracked.
A Cisco router uses three cryptographic commands: Service password encryption, activation password, and activation secret. The first method is Vignere encryption, and the other two are MD5 hash encryption. Activating a secret command is a newer feature in Cisco routers and is more powerful than activating a password. The activation PASSWORD command can only maintain backward compatibility, while the service password encryption is weak, but some old network protocols still need its compatibility.
These commands can also allow passwords to be set and encrypted at different access levels, depending on the permissions assigned to employees by the Administrator.
If possible, use the Cisco encryption command to protect the vro password. There are a large number of detailed documents on Cisco's website. If you are using a vro of other brands, you must stick to SSH or other encrypted connections.