Foreign-made security appliances are widely deployed on the networks of our country’s most sensitive government agencies and public utilities. And these appliances come pre-installed with default passwords – hidden backdoors that create all sorts of security holes.
While some might argue that ignorance is bliss, when an organization’s IT security hangs in the balance, remaining clueless isn’t a viable option. In this guest post, Jane Grafton of Lieberman Software describes five common IT security myths. All too often people hide behind what they ‘want’ to believe is…
If you’re not already familiar with the issue of built-in passwords, you need to be. Many hardware devices come pre-configured with default credentials that might never get changed – and are publicly known.
All too frequently these hard-coded credentials create an ASP.NET security hole because they grant unlimited access to corporate databases or are super-user (root and administrator) accounts with unlimited, domain-wide access.
Default passwords for these powerful, out-of-band devices are seldom changed and widely published. [For example, Dell cards use the default password calvin.] This means that anyone with network access and malicious intent can login and power down your datacenter hardware.