A console port is a physical port. During device deployment and networking, physical isolation can be used to prevent unauthorized users from logging in to the device through the console port. Either password authentication or AAA authentication can be performed for console port-based login. When a device is started for the first time, you can configure the device for the first time after logging in to the device through the console port.
If no console port service is available, an attacker may attempt to break down physical isolation. After the attacker accesses the console port, a device is exposed to attacks and becomes insecure. In this case, the attacker can damage the device even if the attacker does not obtain a username or password. After the console port service is configured, a potential attacker may attempt to crack the username and password through a network connection to obtain system management rights.
To ensure console port security, you are advised to configure a correct authentication mode for the console port.
Console port authentication can be performed either in password or AAA mode. Password authentication is insecure, and therefore, you are advised to configure AAA authentication to use both usernames and passwords to authenticate users.
If the console port is not configured with authentication, you are advised to change the authentication mode to AAA authentication for the console user interface and configure the correct username and password in the AAA view.
None
Run the display current-configuration configuration user-interface command to check the configuration of the console port.