There are several options for transferring files to a cisco device. Tftp is a traditional way. Scp is also supported by IOS from 12.3(2)T, 12.2(14)S (encryption needs to be supported by the feature set). If no in-band connection is available, xmodem will become an option for it.
scp
Pro: Transfered files are encrypted
Con: Not supported by all platforms, in-band connection is necessary
tftp
Pro: Supported by all platforms
Con: Files are transfed in plain text, tftp protocol does not have authentication, in-band connection is necessary
xmodem
Pro: Supported by all platforms, No need for in-band connection
Con: Slow transmission
Whenever transferring a start-up configuration, it's better to think about using scp in favor of tftp since not a few passwords are on the config in a plain text or in an obscured form. Type 7 encryption is just an obfuscation that is cracked within a second, and even type 5 encryption can be decrypted with a massive computation power since the salt is also on the same file.
Reference:
Cisco IOS Configuration Fundamentals Command Reference
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_c1.html#wp1064741
Cisco Password Cracker (For type 5 encryption)
https://www.google.com/search?q=cisco+type+7+crack&ie=utf-8&oe=utf-8&aq=t
Decrypting Cisco type 5 password hashes
http://retrorabble.wordpress.com/2011/02/09/decrypting-cisco-type-5-password-hashes/
No comments:
Post a Comment