Plug It – But Change the Password Before You Play It!

In today’s technology environment, whether personal or business, every device and most software packages come with default passwords. When these devices are installed, users frequently leave the default passwords in place. When default passwords are left unchanged, any person with less than perfect scruples (read: MALICIOUS HACKERS) can access your device and gain access to other devices on your network.

Although it sounds absurd, many people do not think about changing the passwords on their routers, on their firewall appliances or on their MAC-addressed devices. The type of device can be easily determined using tools that are readily available on the Internet. Other sites have published default passwords or administrative passwords for commonly installed devices and appliances. This potentially puts millions of devices – with IP addresses and MAC addresses – at risk of exploitation.

Some examples that you may not think about: smart TVs, gaming consoles, refrigerators, industrial control systems, business phone systems and voice mail systems. This is in addition to the regular favorites – routers, wireless access points, firewalls and computers.

According to the US Computer Emergency Readiness Team (US-CERT), a hacker with knowledge of the password and network access to a system can log in, usually with root or administrative privileges. The consequences depend on the type and use of the compromised system. Examples of incident activity involving unchanged default passwords include:

  • Internet Census 2012 Carna Botnet distributed scanning
  • Fake Emergency Alert System (EAS) warnings about zombies
  • Kaiten malware and older versions of Microsoft SQL Server
  • SSH access to jailbroken Apple iPhones
  • Cisco router default Telnet and enable passwords
  • SNMP community strings

The first thing that you can do to address this problem is to always – ALWAYS – give a device a unique, non-default password. Recommended passwords should be strong, meaning that they include both alphanumeric characters, capitals and symbols (!, @, #, $, %, &).

If you manage technology for others – coworkers, clients, family members or friends – always enforce a password-changing policy when you set up new devices. Always change passwords from default passwords.
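One way to check a device list against the three rules above (non-default, unique, strong) is sketched below. It is an added example, not part of the original article: the inventory, the short list of defaults and the 12-character minimum are constructed assumptions, and the input is assumed to come from your own password manager export on a trusted machine.

```python
import re
from collections import defaultdict

# Constructed sample of widely known factory defaults; extend it from your vendors' manuals.
KNOWN_DEFAULTS = {"", "admin", "password", "1234", "root", "default", "changeme"}
MIN_LENGTH = 12  # assumed minimum length; the article does not state one

# Character classes the article asks for: letters, capitals, digits and symbols.
REQUIRED = [
    (r"[a-z]", "no lowercase letter"),
    (r"[A-Z]", "no capital letter"),
    (r"[0-9]", "no digit"),
    (r"[^A-Za-z0-9]", "no symbol"),
]

# Constructed inventory: (device, username, password) as recorded at setup time.
SAMPLE_INVENTORY = [
    ("office-router", "admin", "admin"),
    ("lobby-smart-tv", "admin", "Blue!Heron42#Lamp"),
    ("voicemail-system", "admin", "Blue!Heron42#Lamp"),
    ("wifi-ap-2", "root", "summer2024"),
    ("firewall", "fwadmin", "k9$Tr!mble-Oak7Vane"),
]

def composition_gaps(password):
    """List the strength rules a password fails."""
    gaps = ["too short"] if len(password) < MIN_LENGTH else []
    gaps += [msg for pattern, msg in REQUIRED if not re.search(pattern, password)]
    return gaps

def audit(inventory):
    """Return {device: [findings]} for every device that breaks a rule."""
    devices_by_password = defaultdict(list)
    for device, _user, password in inventory:
        devices_by_password[password].append(device)
    findings = {}
    for device, user, password in inventory:
        issues = []
        if password.lower() in KNOWN_DEFAULTS or password.lower() == user.lower():
            issues.append("default or username-as-password")
        if len(devices_by_password[password]) > 1:
            issues.append("password reused on another device")
        issues += composition_gaps(password)
        if issues:
            findings[device] = issues
    return findings

if __name__ == "__main__":
    for device, issues in audit(SAMPLE_INVENTORY).items():
        print(f"{device}: {', '.join(issues)}")
```

Note that the smart TV and voicemail system are flagged even though their shared password is strong: a password that is not unique fails the first rule.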

More importantly, restrict access to your network. Make sure that only those users who should be allowed on the network are allowed on your network. With the number of cyber attacks growing at an alarming rate, the safety of information on a network is only as good as the passwords restricting access to the network.

If you are interested in seeing how secure your network is, there are a number of legitimate sites that will show you how to scan your network for vulnerabilities and secure the access.

For more information on how you can put together all of the pieces of your business’s IT puzzle, visit http://www.primetelecommunications.com/data-solutions. Another great source of information is the US Computer Emergency Readiness Team at http://www.us-cert.gov/ncas.


About Vic Levinson
Telecommunications and IT professional with over 20 years' experience in Business Telecommunications. Specializing in voice over IP (VoIP) for business: hosted VoIP, business VoIP phone systems, SIP providers, carriers, T1's – the works. Founded Prime Telecommunications in 1993 and providing business communications solutions. Cloud Applications – everything from hosted network security, hosted Disaster Recovery, hosted printer management, data centers and colocation solutions for businesses.
