fir3net

Securing your IOS configuration and files

In a worst case scenario someone could gain access to your router, clear the boot image and config. This would result in a lengthy down time and a lot stress. Cisco have tried to address this but the use of the following commands which prevents the clearing of your config and boot image

(config) # secure boot-image
(config) # secure boot-config

When using the secure boot-image command the router requires a populated PCMCIA memory slot as it saves the boot image to its PCMCIA memory.
This isnt required for secure boot-config. This command copies your configuration into un-delectable memory spaces, with the only way being able to delete this file being via the console port on the device.

Restore Image

rommon 1> boot slot0:c3745-js-mz.bin
Router # copy slot0:c3745-js-mz.bin flash:c3745-js-mz.bin
Router (config)# no boot system
Router (config)# boot system flash c3745-js-mz.bin


Restore Configuration

Router (config)# secure boot-config restore rescue-cfg
Router # copy flash:rescue-cfg startup-config

About the Author

RDonato

R Donato

Ricky Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Ricky on Twitter @f3lix001