Login
- Table of Contents
-
- 03-System Management Configuration Guide
- 00-Preface
- 01-Basic device management configuration
- 02-Device hardening configuration
- 03-Hardware resource management configuration
- 04-EAA configuration
- 05-Process monitoring and maintenance configuration
- 06-Fast log output configuration
- 07-Flow log configuration
- 08-Information center configuration
- 09-GOLD configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 02-Device hardening configuration | 38.25 KB |
Hardening the device
Device hardening tasks at a glance
All device hardening tasks are optional. You can perform any of the tasks in any order.
· Disabling password recovery capability
Disabling password recovery capability
About this task
Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus. For more information about BootWare menus, see the release notes.
If password recovery capability is enabled, a console user can access the device configuration without authentication to configure a new password.
If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords. Restoring the factory-default configuration deletes the next-startup configuration files.
To enhance system security, disable password recovery capability.
Restrictions and guidelines
To access the device configuration without authentication, you must connect to the active MPU and access the BootWare menu while the MPU is starting up.
To access the device configuration without authentication, you must connect to the global active MPU and access the BootWare menu while the MPU is starting up.
Procedure
1. Enter system view.
system-view
2. Disable password recovery capability.
undo password-recovery enable
By default, password recovery capability is enabled.
