Securing ROMMON
By default, Cisco routers allow a user connected to the console port to
execute a keyboard break sequence to enter the ROM Monitor (ROMMON).
From ROMMON, it is possible to perform a password override sequence to
reset the enable secret while retaining the configuration file. To prevent
unauthorized users with physical access to the router from doing this, you
can use the no service password-recovery command. After this command
has been configured, it is impossible to reset any router passwords without
completely erasing the configuration