Welcome to Infoblox NetMRI Community Sign in | Join | Help
in Search
Home Blogs Support Forums Downloads www.infoblox.com

Matt's Blog
RSS Feed

Default Passwords Unlock the Back Door for Security Attacks

A recent PCMag article by Larry Seltzer highlighted some of the security risks within routing infrastructures and how the uniquely named Chuck Norris botnet looks across network devices and finds default passwords as an entry point to spread harmful code or take control of devices. Even though this one has been named Chuck Norris, I’m much more a fan of Sydney Bristow who doesn't seem so 1980's.

It is interesting that organizations spend thousands or millions of dollars trying to build secure infrastructures by putting up the “biggest fence” to build a strong perimeter, but like any action/spy fan knows, all it takes is a little help from the inside or one small weakness and wham, the bad guys are in. While a strong foundation is important, it’s not the only step to ensure a secure and protected environment.

Although this article focused on the individual PC world, the problem can be just as huge for organizations dealing with their routing and switching network infrastructure. I’m scared to admit the amount of times I’ve seen organizations leave default passwords on their devices, or never change passwords when employees leave to join competitors or are terminated. That small back door is just enough for someone to get in and wreak havoc. Adding to the potential pain, once in, most IT teams would never see any modifications or changes unless an outage was caused. And the smarter bad guys know how to get the information they want without triggering alarms or build a sinister plot to cause as much damage as possible. 

Organizations need to build and maintain a strong and secure infrastructure. With embedded intelligence and automation, users can set rules and policies notifying the IT team when passwords are weak or not changed periodically, and, if a bad guy happens to get in through the front or back door, the system logs and tracks all changes to the network infrastructure devices. So if an unplanned change is made, an issue is generated and the good guys can stop the bomb from going off and damaging the entire system. 

Published Feb 24 2010, 07:57 AM by mgowarty
Filed under: , , , ,

Comments

No Comments

Leave a Comment

(required) 
(optional)
(required) 
Submit

About mgowarty

Matt Gowarty is leading the product marketing aspects for Netcordia and positioning NetMRI in the Network Configuration and Change Management (NCCM) space. Matt has over 12 years of IT experience with focus on network and application management, telecommunications and performance management. Prior to joining Netcordia, Matt worked with leading companies including Visual Networks, Verizon, GTE and Fluke Networks. Over the past decade, Matt has been a thought leader in the performance management space being a frequent speaker and contributor for tradeshows, seminars, webinas and whitepaper with topics including MPLS management, VoIP, Managing the Impact of Change and Application Performance Management. Matt has his MBA from Penn State Univeristy and his BSBA from Robert Morris College.

This Blog

Syndication
© 2010 Infoblox Inc. All rights reserved. All registered trademarks are property of their respective owners. | www.infoblox.com