Protecting Router Files

To protect a router’s image and configuration from an attacker’s attempt to erase those files, the Cisco IOS Resilient Configuration feature keeps a secure copy of these files. These files are called the bootset. Table details the steps required to configure Cisco IOS Resilient Configuration.


1. enable
2. configure terminal
3. secure boot-image
4. secure boot-config
5. end
6. show secure bootset


Step 1: Enable image resilience

The secure boot-image command, issued in global configuration mode, secures the Cisco IOS image. The secured image is hidden so that it does not appear in a directory listing of files.

Step 2: Secure the boot configuration

The secure boot-config command, issued in global configuration mode, archives the running configuration of a router to persistent storage.

Step 3: Verify the security of the bootset

The show secure bootset command can be used to verify that Cisco IOS Resilient Configuration is enabled and that the files in the bootset have been secured.




See Also:





biOos