Hi,
Kirby Dolak wrote:
> 2. Bay recommends that both accounts (User and Manager) have passwords
> assigned. Both have default/null passwords as they ship from the factory,
> just like a Unix system. The administrator should immediately take
> measures to secure the system, at initial system install, so that an
> unauthenticated user/manager doesn't have
> access to device management information, such as the community names and
> addresses via telnet/console.
I like the way Cisco approaches this issue.
Unless you set a login password, or enable some kind of "aaa authentication"
service, you CANNOT LOGIN AT ALL over network.
And if you are logged in to an unprivileged account, you cannot become
superuser unless you have already set the enable password from the console.
This is VERY good.
No need to "recommend" anything, it's just "secure out of the box". If
you neglect to configure the password, it just isn't accessible at all
(except from the physical console).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gertat_private
fax: +49-89-35655025 gert.doeringat_private-muenchen.de
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:53:28 PDT