The U.S. Computer Emergency Readiness Team (US-CERT) recently issued an alert to warn organizations about the risk...
of putting devices on the network with default passwords. Do you recommend any pointers for putting a system in place to avoid this?
Ask the Expert
Have a network security question for Brad Casey? Submit it now via email. (All questions are anonymous.)
If devices are logging on to your network using default passwords, your organization is vulnerable in a number of ways. We won't delve into them here, but it's fairly simple for an attacker to discover these passwords and use them to infiltrate your systems.
To mitigate these threats, I highly recommend a Linux distribution such as BackTrack 5, a free pen-testing and vulnerability discovery tool developed by Offensive Security Ltd. In recent months, Offensive Security released a new distribution known as Kali Linux, but until it becomes more widely accepted and mainstream, I will continue to refer people to BackTrack 5.
BackTrack 5 can be easily downloaded from Offensive Security's website. It also has an option to install as a virtual machine. Once installed, you'll find a plethora of security tools, several of which are vital to addressing the default password problem.
The first tool is the Cisco OCS Perl script, which scans the network for Cisco devices. If it finds one, it attempts to log in with the password "cisco," as this is the default password on many Cisco devices.
The second tool BackTrack 5 contains is Metasploit, which is perhaps more important than the first. Within Metasploit, you'll find many different modules that scan the network for default passwords. For example, the Ektron CMS400.NET Password Scanner module searches for Ektron CMS installations within a network that are using default passwords set up by the vendor.
While there are a number of tools and technologies available to combat the default password problem, my experience has found that the multifaceted BackTrack 5 offers the best options.
Dig Deeper on Password management and policy
Related Q&A from Brad Casey
Allowing users to tunnel through a firewall to access any site creates a security risk. How big of a risk is it? It depends on how much you trust ... Continue Reading
Our IT organization needs to secure customer names, but also needs to conduct searches on the entire customer database to match and merge records. Continue Reading
Don't treat physical and virtual machines' security differently. Since VM security issues threaten the whole infrastructure, here's how to stop ... Continue Reading