CCNA Security: Securing the IOS and Config File

The router running configuration file and image is secured by taking the copy of the & placing the images into the persistent storage. The output of the show flash command will not show the images which are secure.  This helps to prevent the attacker from erasing the content of the NVRAM and the persistent storage.

The router is the device which routes the data packets.  So from attacker’s point of view, the disruption of the network can be easily achievable once the router is compromised.  The running copy of the IOS image & IOS running configuration can be archived at secure location so they won’t be visible in with the commands such as dir or show flash.  The network administrator can then retrieve the archived copy of the files and restore the router, which will reduce the downtime.  The secured files like Cisco IOS image or running configuration are referred as the boot set.  The secure files are protected and user can not remove these secure files.

Router> enable

Router# configure terminal

The below command will secure the IOS image so it cannot be seen.

Router(config)#secure boot-image

The below command will secure the running configuration.

Router(config)#secure boot-config

Router(config)#end

To verify archive existence.

Router# show secure bootset

IOS resilience router id JMXS4L5GH

IOS image resilience version 12.2 activated at 08:16:51 UTC Sun Jun 19 2008

Secure archive slot0:c3745-jps2-mz type is image (elf)

file size is 2542369248 bytes, run size is 256234900 bytes

Runnable image, entry point 0x800608000, run from ram

IOS configuration resilience version 12.2 activated at 08:13:02 UTC Sun Jun 17 2006

Secure archive slot0:.runcfg-240020616-0817402.ar type is config

configuration archive size 1099 bytes