A serious vulnerability was recently found in Cisco Systems Inc.'s TelePresence systems that could be triggered
due to default credentials being left in place after system setup. Could you provide some security best practices that enterprises could implement for such systems, particularly in regard to the use of unique credentials?
Ask the Expert
Do you have a network security question for our expert? Submit it now via email! (All questions are anonymous)
This was a profound vulnerability, to say the least. Upon installation of the Cisco TelePresence software, an account is created with a default username and password. If an attacker with knowledge of default Cisco usernames and passwords connected to the Cisco TelePresence Web server, they would have administrative access to the system; at that point, the attacker would "own the box."
While a fix -- Cisco TelePresence System Software Release version 1.10.2 -- has been released, some older systems may not support the upgrade. In this case, Cisco recommends that customers:
- Connect to the system.
- Proceed to Cisco Unified CM Administration.
- Select Device > Phone.
- Search, and select the configured Cisco TelePresence unit.
- Under the SSH information, change the username helpdesk to pwrecovery, then change the password.
In terms of best practices, the one I think is the most important, yet is overlooked, is that of default usernames and passwords -- especially if you have any Cisco devices within your infrastructure. It is critical to learn the default accounts that are on your network devices and change them. This is such a simple step -- and it's just a matter of adding an item to your setup checklist and knowing what those default credentials are -- but I am amazed at how often it is unheeded.
Dig deeper on Network Protocols and Security
Related Q&A from Brad Casey, Contributor
Can Project Sonar, an Internet-scanning project, benefit enterprise network security? Expert Brad Casey discusses.continue reading
Does your enterprise track eliminated firewall rules? It's one of the change management best practices suggested by expert Brad Casey.continue reading
The Department of Defense is using a converged network security architecture to simplify security management. Learn about the security benefits.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.