no service password-recovery
This command will disable the router from entering ROMMON mode so intruders are unable to perform the easy Cisco Password Recovery procedure.
However, and intruder can still erase your configuration and reset the config on the router by entering the “break key” sequence within 5 seconds after the image decompresses at bootup.
There is also a reset button on newer routers that will do the same thing. You will have a non-functioning router at this point but at least your router information is not leaked.
As well, introders have access to the console port in which they may try some brute force attacks if there is login information required.
I have seen some routers not even secured at all from a console port perspective.
One command I always love to help protect the console port is with the following command:
(config)#line con 0
(config-line)# activation-character 56
You can hit enter on the keyboard until your heart is content with this command but it won’t do anything for your console screen.
The number 56 in the command is actually an ASCII value that represent the number eight.
So if you push the number 8 on your keyboard, the console will “come alive” You can map to alot of different ASCII values so pick one that you like.
I hope this helps you secure routers a little better if you have no way to secure them physically.