Don’t Forget to Change Device Defaults.
All hardware devices are configured with a factory default username and password so that the customer can set the device up to their requirements once it is in their possession.
Unfortunately, this can pose a big security risk for businesses if no IT security procedures are in place to instruct the individual configuring the device to change the credentials before or after setting up the hardware.
Suppose you took delivery of a new firewall and the user configured the device to be really tight on security, locking down inbound and outbound rules and enabling IPS and antivirus, but didn’t change the default admin password?
A hacker could scan the firewall and log into the device using the default credentials, which can easily be found on the internet. From there the hacker has complete admin control of your firewall and access to the local area network.
This technique was used back in 2002 by a hacker called Gary McKinnon, who broke into a number of NASA’s networks to gather information. He used an automated process consisting of a Perl script that scanned a range of NASA addresses and used SXLLM credentials to gain access to their system.
Although changing the usernames and passwords may seem the most obvious and easiest thing to do, this goes to show that, despite implementing high-end security hardware, it is the human element that has resulted in the system being compromised.
IT governance is key here: to ensure that individuals follow instructions, policies and procedures need to be implemented and enforced by upper management to reduce the risk of this happening.
Don’t think it’s just external devices that need their default credentials changed. You will find that a large number of SMEs and institutions are only concerned about their external-facing devices being compromised and forget about their internal devices. Do not fall into this trap!
Attacks occur from inside the network too! This could be a tech-savvy individual messing around on the network or, worse still, a disgruntled employee wanting to cause havoc. With this in mind, it’s important to ensure that all default credentials on all devices on the network are changed so that access is restricted. The last thing you want is for someone to compromise the network and change rules to allow them remote access from home.