Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

8/4/2020
03:10 PM
Curtis Franklin Jr.
Curtis Franklin Jr.
Edge Features
100%
0%

6 Dangerous Defaults Attackers Love (and You Should Know)

Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.

Plug and play is an alluring promise and a dangerous reality when it comes to devices attached to an enterprise network. It's great when the device is able to handle all the network protocols and handshaking without human intervention. But when those humans get swept up in the exhilaration of the plug-and-play moment and forget to change some widely known defaults, the convenience can quickly become a vulnerability.

When most people think of dangerous defaults, they think about admin account names and passwords. There's no question that these widely available credentials that ship as defaults on devices can be significant vulnerabilities if they aren't changed during initial configuration (as pretty much every vendor suggests you do). But there are other configuration items that can be just as dangerous in slightly different ways.

There have been numerous incidents in which the default configuration of cloud services or applications left both the infrastructure and data vulnerable to attack. One could use an overly broad brush to paint anything with the word "public" as a configuration default to be something that should be treated as a threat. But vendors and service providers have been closing those vulnerabilities, and they are now far less common than they were in the middle of the 2010s.

Before getting into the specifics of some of the defaults that should be on security pros' radar screens, we should say without reservation that no default username or password should ever survive the initial setup session. In a reasonable world (we won't stretch as far as "perfect"), everyone setting up a service, application, or piece of hardware would change the admin user name and password as soon as the configuration scripts allow — so we can agree that if the things that follow are a vulnerability, something has gone wrong in the process.

With that said, humans — and human-created processes — are fallible. Just in case your organization has either humans or processes that are susceptible to failure, here are a half-dozen products and services that you should look for on network scans. And be sure — if you can find them, the odds are reasonably good that a curious hacker with access to Shodan can find them, too.  

 

(Image: momius via Adobe Stock)

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ...
View Full Bio
Previous
1 of 7
Next
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Flash Poll