One of the most commonly overlooked security vulnerabilities on a corporate network can also be easily exploited – the Default Password. With so much emphasis about our own personal passwords; the need to frequently change them and to keep them complex and and unguessable, companies often forget that many computers, servers and network devices come pre-configured with default passwords. For example, if you order a Netgear router for your internet and WiFi connections, the device has a default username/password to configure the device of admin/password. Routers, switches and sometimes even operating systems often come with a simple login which can be easily Googled or perhaps have no password at all! A few years ago, some enterprising bad operators were using telephones to access the neglected configuration credentials of onsite phone systems.
What you can/should do:
1) If you use a in-house phone system (Panasonic, Avaya, Nortel, ShoreTel, etc.) contact your phone provider right now and ask if they have changed the default password for your system. Some of our clients discovered that their phone systems had been hacked and were making hundreds of toll calls overseas after hours on their dime!
2) If you do not know the login and password for your internet router or WiFi access point (not your WiFi password, but rather the credentials used to configure the device), find out from the person managing it if they have changed the default password.
3) Do the same with your Camera and Security systems or any other devices that can be accessed from the internet.
4) Audit your workstations and servers to make sure that the Administrator and Guest accounts are either disabled or that strong passwords have been assigned to them.
Infinity Networking can run a complimentary Network Security Scan to help you identify potential security holes in you company’s network. Contact us for you free assessment today.
