Part 2:5 Dangerous Default Credentials – secure your network
We regularly conduct network penetration tests for clients large and small, whose security capabilities span the spectrum. Despite the diversity of our customer base, we frequently encounter the same vulnerabilities, the consequences of which can be bad news for an organisation’s security posture.
In this series we address the five most common network security issues, together with practical advice you can apply today.
In this second part we look at the prevalence of default credentials on internal networks and why they can significantly undermine security.
Default user names and passwords – a hacker’s gift
One of the first things a hacker checks is whether the default account and password are enabled on a device. Websites such as www.defaultpassword.com list the default credentials, old and new, for a wide variety of devices – routers, printers, phones, even toasters, you name it.
In 2014 Trustwave released the results of an analysis of 691 data breaches and concluded that one third were due to weak or default passwords (i). This year Trustwave reported that less than 8% of analysed breaches were due to weak or default credentials (ii).
While the trend suggests that password security is improving, it remains crucial to have a process in place for dealing with new equipment which may still be configured with the manufacturer’s passwords.
The potential security impacts of manufacturers’ user names and passwords
Companies usually install additional devices, e.g. IP phones, teleconferencing systems and specialist appliances, without changing the administrator password, thus leaving maintenance services accessible to anyone on the network.
In one instance, a teleconferencing system was found to have the manufacturer’s default user name and password which enabled our Pen Testers to log in and monitor the client’s conference room via the in-built camera and microphone. In a real cyber-attack, this could well expose sensitive business information.
Furthermore, devices often have management consoles which can be used to perform network surveillance. For example, some brands of multi-functional printers allow you to run network reconnaissance tools. This is a stealthy way for attackers to check for responsive devices without revealing their own address.
Conclusions and network protection advice
To reduce the risk of security breaches through default credentials which have been left configured on network devices, it’s best to implement a process to change the passwords, and if possible account names, when new equipment is installed.
Whilst this may add a little time to the process, it’s nothing compared to the time and cost of managing the aftermath of a cyber-attack.
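One way to enforce the process described above is to audit the asset inventory for devices with no recorded credential change or with a manufacturer's account name still in use. This is an added example, not code from the original article; the CSV columns, host names and the list of default account names are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; columns and values are assumptions for illustration.
INVENTORY_CSV = """hostname,device_type,installed,admin_account,password_changed
conf-room-1,teleconferencing,2024-03-04,admin,
printer-2f,multifunction printer,2024-01-15,admin,2024-01-15
phone-gw,ip phone gateway,2024-02-01,voip-ops,2024-02-01
hvac-ctl,specialist appliance,2024-05-20,svc-hvac,2024-04-30
"""

# Account names commonly shipped by manufacturers (illustrative, not exhaustive).
VENDOR_DEFAULT_ACCOUNTS = {"admin", "administrator", "root", "user", "guest"}


def audit_device(row):
    """Return a list of findings for one inventory row (empty list = compliant)."""
    findings = []
    installed = date.fromisoformat(row["installed"])
    changed = row["password_changed"].strip()
    if not changed:
        findings.append("no record of password change")
    elif date.fromisoformat(changed) < installed:
        # Assumption: a change dated before installation is not the commissioning change.
        findings.append("password change predates installation")
    if row["admin_account"].strip().lower() in VENDOR_DEFAULT_ACCOUNTS:
        findings.append("account name is a vendor default")
    return findings


def audit_inventory(csv_text):
    """Map hostname -> findings for every device that fails the check."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_device(row)
        if findings:
            report[row["hostname"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in audit_inventory(INVENTORY_CSV).items():
        print(f"{host}: {'; '.join(findings)}")
```

Run against a real inventory export, a report like this can gate sign-off of newly installed equipment.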
If you would like assistance with your network security, you are welcome to call us on 0113 880 0722 or click here to contact us. Our experts will be glad to support you.