Archive for November, 2009
One of the most frustrating moments as a network administrator is when you desperately want to log on to a Cisco router and you try all possible passwords you have with no success. Fortunately there is a Cisco password recovery procedure for IOS routers which you can follow and bypass password control in order to get access to the device. The bad thing is that this procedure will cause network downtime since you have to reboot the router a couple of times. Follow the steps below to recover (or change) the forgotten router password:
The following procedure is applicable for virtually any Cisco router, such as the 800, 2600, 3600, 1800, 2800, 3800 series etc.
Step1:
Connect to the router with a serial console cable and open your terminal emulation software (I personally use SecureCRT). Use the normal terminal settings (9600 baud, no parity, 8 data bits, 1 stop bit, no flow control). After that, you should get the command prompt.
Step2:
Now you have to power OFF the router from the power switch. Get ready on your keyboard and turn the power switch to ON. Immediately press the CTRL+BREAK keys on your keyboard several times until the router goes into ROMMON mode. You will see the rommon 1> prompt on your terminal window.
Step3:
Now you need to change the configuration register of your router. This register is responsible for controlling several boot-up and hardware parameters on the device. The normal value of this register is 0x2102. We will need to change it to 0x2142. This new value tells the router to bypass the startup-configuration (where the password is stored) and boot with the factory default configuration (i.e. no password request).
At the rommon prompt type the following:
rommon 1> confreg 0x2142
rommon 2> reset
The “reset” command will reboot the device.
Step4:
After the router reboots, it will ignore the startup configuration and will behave like the very first time that you switched on the device. It will therefore run the initial setup script. Type “no” at the setup request or press “Ctrl-C” to terminate the initial setup procedure.
Step5:
Now you will get the Router> prompt. Type “enable” to get into privileged mode.
Router> enable
Router#
Step6:
Now we need to load the “Startup-Config” into the “Running-Config”.
Router# copy startup-config running-config
IMPORTANT: DO NOT copy the running config into the startup config, because the running config is now essentially empty (factory default), so copying it would erase your entire startup config.
Step7:
Now we are ready to change our passwords. Change the enable password as below.
Router# config t
Router(config)# enable secret newpassword
Step8:
Another important step now is to change the configuration register back to its normal value, which is 0x2102.
Router(config)# config-register 0x2102
Step9:
Now save the configuration and reboot.
Router(config)#exit
Router# write
Router# reload
Step10:
After the router boots up, log on with your new password and enable all interfaces (using “no shutdown”) because during the recovery procedure the interfaces get shut down.
What we have done in the above 10 steps is that we bypassed the original configuration that has the forgotten password, and then we got to the privileged mode without the need to know the password. Then we loaded the original configuration into RAM (so we don’t lose it), set a new password and saved things back to the NVRAM. And then we got back to the original boot sequence.
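The whole procedure hinges on a single bit of the configuration register, and the most common follow-up mistake is leaving the register at 0x2142 (nobody notices until the next reload, when the router comes up with no configuration at all). The following Python script is an added example and not part of the original post: it decodes a register value into the individual bits Cisco documents for IOS routers and audits the “Configuration register is …” line that IOS prints at the end of show version (after step 8 but before the reload that line reads “Configuration register is 0x2142 (will be 0x2102 at next reload)”). The sample show version lines are constructed, and the expected value 0x2102 is the normal value the post describes. Since anyone with console access and the power switch can run the same procedure, routers in unattended locations deserve physical access control; on platforms that support it, the IOS command no service password-recovery disables this path, at the cost of having no way back in if the password is really lost.

```python
import re

# Meaning of the documented bits of the 16-bit IOS configuration register.
# Bits not listed here are unused or reserved on the routers the post covers.
CONFREG_FLAGS = {
    0x0040: "ignore NVRAM (startup-config) contents",
    0x0080: "disable boot messages",
    0x0100: "console Break disabled",
    0x0400: "IP broadcasts with all zeros",
    0x2000: "boot default ROM software if network boot fails",
    0x4000: "IP broadcasts do not have net numbers",
    0x8000: "enable diagnostic messages and ignore NVRAM contents",
}

# Bits 11-12 select the console line speed (bit 11 is the low bit here).
CONSOLE_SPEED = {0b00: 9600, 0b01: 4800, 0b10: 1200, 0b11: 2400}

# Constructed tail of 'show version' output; not captured from a real device.
SAMPLE_NORMAL = "Configuration register is 0x2102\n"
SAMPLE_MID_RECOVERY = """\
Router uptime is 3 minutes
System image file is "flash:ios-image-placeholder.bin"
Configuration register is 0x2142 (will be 0x2102 at next reload)
"""
SAMPLE_LEFT_OPEN = "Configuration register is 0x2142\n"

SHOW_VERSION_RE = re.compile(
    r"Configuration register is 0x([0-9A-Fa-f]+)"
    r"(?:\s*\(will be 0x([0-9A-Fa-f]+) at next reload\))?"
)


def decode_confreg(value):
    """Describe what a configuration register value makes the router do."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & 0x000F          # bits 0-3
    if boot_field == 0x0:
        boot = "stay in ROM monitor"
    elif boot_field == 0x1:
        boot = "boot first image in flash (boot helper)"
    else:
        boot = "boot using 'boot system' commands, then first image in flash"
    flags = [desc for bit, desc in CONFREG_FLAGS.items() if value & bit]
    return {
        "value": f"0x{value:04x}",
        "boot": boot,
        "console_baud": CONSOLE_SPEED[(value >> 11) & 0b11],
        "flags": flags,
        # Either bit 6 or bit 15 makes the router skip the startup-config.
        "bypasses_startup_config": bool(value & (0x0040 | 0x8000)),
    }


def audit_show_version(text, expected=0x2102):
    """Compare the register reported by 'show version' with the expected value.

    Returns (current, pending, findings); pending is None when no change is
    queued for the next reload. An empty findings list means nothing to fix.
    """
    m = SHOW_VERSION_RE.search(text)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    findings = []
    if decode_confreg(current)["bypasses_startup_config"]:
        findings.append("running with startup-config bypassed (password-recovery state)")
    if current != expected and pending != expected:
        findings.append(f"register 0x{current:04x} will not return to 0x{expected:04x} at reload")
    if pending is not None and pending != expected:
        findings.append(f"pending register 0x{pending:04x} differs from expected")
    return current, pending, findings


if __name__ == "__main__":
    for v in (0x2102, 0x2142):
        print(decode_confreg(v))
    for sample in (SAMPLE_NORMAL, SAMPLE_MID_RECOVERY, SAMPLE_LEFT_OPEN):
        print(audit_show_version(sample))
```

Feeding the script the saved output of show version from each router gives a quick post-recovery check: the mid-recovery sample produces one finding (the bypass bit is set but will clear at reload), while a register left at 0x2142 with nothing pending produces two and should be fixed with config-register 0x2102 before anyone reloads the device.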
I was reading a security statistics report the other day and it seems that web vulnerabilities take up the majority of the pie. SQL injections, Cross Site Scripting, Code injections etc. are found everywhere in web applications. Unfortunately secure coding (not only for web applications but for any software) is not yet widely adopted, so we end up with applications that are vulnerable to all sorts of attacks. And because everyone is using the Web, we consequently find that security holes are more prevalent in Web Applications compared with anything else.
Legacy security architectures were designed with just perimeter and network security in mind. In the past, security experts thought that installing a network firewall and maybe an Intrusion Detection System would provide all the required security. This is not true at all for protecting against modern attacks. Indeed a high-speed dedicated hardware firewall is still needed to provide low-level inspection and filtering (catching various attacks on the network and transport layers). After the legacy security infrastructure devices do their job (allowing only clean traffic to pass to the applications), an application firewall is also required for deeper inspection of incoming data and for discovering more complex application attacks that a regular firewall is not able to detect.
The ACE Web Application Firewall is a security appliance that is intended for deployment inside the DMZ segment, where your Web Applications are located. It fulfills all the requirements for companies that want to comply with PCI DSS regulations (companies that store and process credit card data) and combines deep Web application analysis with high-performance Extensible Markup Language (XML) inspection and management to address the full range of these threats. It secures and protects Web applications from common attacks such as identity theft, data theft, application disruption, fraud, SQL injection attacks, XSS attacks etc.
For more information on the ACE Web Application Firewall visit the Cisco link HERE.
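To make the secure-coding point concrete, here is an added Python example (not from the original post and not Cisco's code) showing the injection class the post names beside its fix: a query that splices user input into the SQL text versus the same query with a bound parameter. The table, rows and inputs are constructed in memory with Python's standard sqlite3 module. A network firewall would see only an allowed HTTP connection in either case, which is why inspection of the request content has to happen at the application layer, and why the real fix is code that does not let input change the shape of the query at all.

```python
import sqlite3

# Constructed sample data; not taken from any real application.
SAMPLE_USERS = [("alice", "alice@example.test"), ("bob", "bob@example.test")]

# Constructed malformed input: it closes the quoted string and appends a
# condition that is always true, so the spliced query matches every row.
TAUTOLOGY_INPUT = "x' OR '1'='1"


def make_db():
    """Create an in-memory users table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable form: the user input becomes part of the SQL text itself."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened form: the input is bound as a parameter, so it is compared as
    data and can never alter the structure of the statement."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def unsafe_query_fails(conn, username):
    """True when the spliced query is not even valid SQL for this input,
    e.g. a legitimate name containing an apostrophe."""
    try:
        lookup_unsafe(conn, username)
    except sqlite3.OperationalError:
        return True
    return False


def compare(conn, username):
    """Run both forms on one input and report the row counts side by side.
    unsafe_rows is None when the spliced query is rejected by the database."""
    if unsafe_query_fails(conn, username):
        unsafe_count = None
    else:
        unsafe_count = len(lookup_unsafe(conn, username))
    return {
        "input": username,
        "unsafe_rows": unsafe_count,
        "safe_rows": len(lookup_safe(conn, username)),
    }


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", TAUTOLOGY_INPUT, "o'brien"):
        print(compare(db, name))
```

Running the script shows the three behaviours that matter: for a normal name both forms return the same single row; for the constructed input the spliced query returns every user while the parameterised query returns nothing; and for a perfectly legitimate name such as o'brien the spliced query is rejected by the database as a syntax error, so parameterisation fixes a correctness bug as well as the security hole.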
So, I guess you have already passed your CCNA exam and you have started looking higher up the “ladder” of Cisco Certifications. Congratulations. The next big step is to earn the Cisco CCNP certification, which will promote you into a prestigious group of professionals who have all the knowledge and competency to work on large scale and complex networking projects. Indeed this is how Cisco officially describes CCNP professionals: “The CCNP validates knowledge and skills required to install, configure and troubleshoot converged local and wide area networks with 100 to 500 or more nodes”.
The CCNP curriculum contains a wide range of topics covering advanced and scalable routing, multilayer switching, network security, converged networks, WAN topics, optimization of networks with Quality of Service, Wireless LANs etc. I remember back in 2002 when I obtained my CCNP there was also a “Network Troubleshooting” exam, which I remember was the most difficult and most boring of all four exams. Fortunately now you have more interesting topics to learn!!
To get your CCNP Certification there are two exam paths: The first path requires candidates to pass four exams and the second path requires candidates to pass one composite exam plus two individual exams. You must also be CCNA certified already before taking any CCNP exams. The two certification exam paths are described below:
Option 1: Pass four Exams as shown below:
- Building Scalable Cisco Internetworks (BSCI 642-901)
- Building Cisco Multilayer Switched Networks (BCMSN 642-812)
- Implementing Secure Converged Wide Area Networks (ISCW 642-825)
- Optimizing Converged Cisco Networks (ONT 642-845)
Option 2: Pass one Composite Exam plus two individual exams:
- Composite Exam (642-892) which includes topics from both BSCI and BCMSN
- Implementing Secure Converged Wide Area Networks (ISCW 642-825)
- Optimizing Converged Cisco Networks (ONT 642-845)
Throughout the years I have taken numerous Cisco exams myself. I have been using only two study resources which proved to be successful for me. With these study resources, I have managed to pass all of my exams from the first try. The two study resources that I recommend for passing the CCNP exams are the following:
1. Official Cisco Press Books:
The official books from Cisco are the real deal!!! When preparing for each CCNP exam, I would always study the corresponding Cisco Press book as a starting point. I used to spend at least 2-3 weeks just studying the book from start to finish and carefully taking notes on the points that I considered important. There are usually two types of Cisco Press books: Exam Certification Guides and Self-Study Guides.
The first book type (Certification Guide) focuses strictly on covering the exam topics as outlined by Cisco. Sometimes people complain that the Cisco Certification Guides are not enough as a sole resource to pass your exam. However, if you already have some experience with Cisco networks then a Certification Guide is the best choice and is more streamlined compared to a self-study guide.
The second book type (Self-Study Guide) is not directly focused on the exam topics. It rather provides wider knowledge and can serve as good reference material even after passing the exam.
For each individual exam I would recommend the following CCNP books from Cisco Press:
- For the BSCI Exam: CCNP BSCI Official Exam Certification Guide (4th Edition). A second option would be the Building Scalable Cisco Internetworks (BSCI) (Authorized Self-Study Guide) (3rd Edition).
- For the BCMSN Exam: CCNP BCMSN Official Exam Certification Guide (4th Edition). A second option would be the Building Cisco Multilayer Switched Networks (BCMSN) (Authorized Self-Study Guide) (4th Edition).
- For the ISCW Exam: CCNP ISCW Official Exam Certification Guide
- For the ONT Exam: CCNP ONT Official Exam Certification Guide
2. CCNP Computer Based Video Training:
The second essential study and training resource that I highly recommend is Computer Based Training (CBT Video Training). Books are good to help you cover the theory. However, you also need to master several practical aspects of the exam that you will be tested on. The Cisco CCNP tests your ability and skills on hands-on scenarios and challenges in addition to theory. Therefore a good CCNP Video Training package is an excellent resource, in addition to books, to help you acquire the complete knowledge you need to pass the exams. I have used Trainsignal Video Trainings for passing all of my CCNP exams easily on the first try. The Trainsignal Video Trainings will offer you the hands-on practical element that you will not find in any other study resource. For more information you can visit the official Trainsignal website for each CCNP exam below: