Secure Router Configuration: One of the most important things you can do to secure your network is to secure the router. Though this is basic common sense, it is too often overlooked in the rush to finish the router configuration and move on the next job. To configure the router securely, you must do the following:
Change the default password: The password for the administrators is set before the router leaves the factory.
You have to assume that every intruder wanting unauthorized access to your network knows the default passwords set by the factory.
Employ good password principals (alphanumeric, more than eight characters, and so on), and change it to a value that is known only by those who must.
Walk through the advanced settings: Router manufacturers often issue patches when problems are discovered. Those patches need to be applied to the router to remove any security gaps that may exist.
Always remember to back your router configuration before making any significant changes—in particular a firmware upgrade—in order to provide a fallback in case something goes away.
NOTE: Cisco routes often use one of the two different types of password for their accounts: Type 7 and MD5.
Type 7 passwords use weak encryption and are considered only slightly above Type 0, which cleartext.
As such, Type 7 passwords are easily decrypted with readily available shareware/freeware and should be avoided.
MD5 password encryption uses a one-way hash, and this is configured in IOS (Cisco Internetwork Operating System) using the command enable secret.