Announcement

Collapse
No announcement yet.

Change Your Passwords...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Change Your Passwords...

    Some installers may not know this, but annotated and updated lists are maintained of all default passwords for many types of IT equipment. Routers, firewalls, etc...

    For everyone who has a Linksys wireless router, a sign of "do I care" has always been:

    SSID: linksys
    Username: admin
    Password: admin

    A list of many, many, many device's default usernames, passwords, and other interesting information: http://www.phenoelit.de/dpl/dpl.html

    Remember, leave no default password on a device.
    Some Kind of Commando Leader

    "Every time I see another crazy Florida post, I'm glad I don't work there." ~ Minneapolis Security on Florida Security Law

  • #2
    Nathan, that was sound advice. Changing passwords is a critical portion of IT security. My survey experience has shown this does not occur; worse yet, they are written on "postem's" stuck to front or sides of the screen. One person competing for a Darwin award had a printed card marked "my passwords" taped to the top of the desk.
    Enjoy the day,
    Bill

    Comment


    • #3
      You can have yoursystem set up to automaticaly require password changes after a predetermined period.
      The FD I retired from had this set up.

      Comment


      • #4
        Originally posted by ACP01
        You can have yoursystem set up to automaticaly require password changes after a predetermined period.
        The FD I retired from had this set up.
        Unfortunately, most of the hardware routers, gateways, etc do not have this ability, since "no one should have access to them." The issue, of course, is that the second you place a wireless router in your network, all external threats just became internal. Same for loose and active ethernet ports.

        Many a penetration tester has simply walked into a conference room with a laptop and gotten into the ultra-secure LAN fron the inside. And if the company is using default passwords on the interior routers/gateways/firewalls, etc... Then he controls every one of them as Admin.
        Some Kind of Commando Leader

        "Every time I see another crazy Florida post, I'm glad I don't work there." ~ Minneapolis Security on Florida Security Law

        Comment


        • #5
          Originally posted by ACP01
          You can have yoursystem set up to automaticaly require password changes after a predetermined period.
          The FD I retired from had this set up.
          Every place I work, except one, has this policy.

          The other ISSUES passwords and does not let the employee change them. Ever.

          I was told it is so that IT has a record of my password and can log in to my account. I was under the impression that in an NT enviroment an Admin could see everything I did - am I wrong?
          The views expressed here are mine and do not reflect the official opinion of my employer or the organization through which the Internet was accessed.

          Comment


          • #6
            EMTjon, One of the stations was caught viewing **** by the "Geek Squad" and web priv was almost jerked for the whole department so I would say they could tap into the stream to/from the stations.

            Comment


            • #7
              Yes, a Windows Administrator account can use Terminal Services or Remote Desktop to view what a client account on another PC is doing.

              As far as the "Geek Squad," heh. Its trivial to catch someone viewing websites they're not supposed to. A 4th grader can pull up the cache of where you've been as well as Internet Explorer's history, and know every site you've went to.

              That kind of silliness is generally smoke and mirrors, designed to justify spending 300 dollars to plug a 90 dollar Wireless Router in, set a unique password, and leave.

              A real IT security department would of been e-mailed by the snort daemon the moment one of your PCs was watching ****, and had the firewall route your request for the website to an internal LAN webpage stating the policy and that breaches in policy are flagged for review.
              Some Kind of Commando Leader

              "Every time I see another crazy Florida post, I'm glad I don't work there." ~ Minneapolis Security on Florida Security Law

              Comment

              Leaderboard

              Collapse
              Working...
              X