All Posts Tagged: VPN

Protecting you & your business: Change default passwords

David Pollino
Security

Our digital world brings huge benefits, but it also requires a To-Do list to stay protected.

Young bearded man in workshop checking a laptop.One of these tasks is basic but all the more important for that: Keep all your networked devices, equipment, and systems updated and use secure passwords. As more and more things in our lives become Internet-enabled, opportunities grow for criminals and hackers. As a reminder, think about what’s hit the headlines in recent times: hacked baby monitors and vehicles.

Think about things or systems you use that connect to the Internet. Vehicles, printers, and scanners are perhaps obvious, but what about alarm systems and air conditioning? Businesses need to think about critical infrastructure and other important embedded systems, appliances, and devices.

How to help yourself & your business

Always make sure you keep devices, systems, and software updated. Take a look at my recent post on this.

Another key tip: Change manufacturers’ default passwords. Attackers can easily identify and access Internet-connected systems that use shared default passwords. Default passwords are publicly documented and widely available on the Internet, which means that attackers can easily obtain them and identify those systems. They may attempt to log in using blank, default, and common passwords, a widely used attack technique.

Here are some common hardware, software, and systems that use default passwords:

  • Routers, access points, switches, firewalls, and other network equipment
  • Databases
  • Web applications
  • Industrial Control Systems (ICS) systems
  • Other embedded systems and devices
  • Remote terminal interfaces like Telnet and SSH
  • Administrative Web interfaces

Change default passwords for devices as soon as possible — and absolutely before deploying any system on a network such as the Internet. Use strong and unique passwords.

Restrict network access to trusted hosts and networks. Only allow Internet access to required network services, and unless absolutely necessary, do not deploy systems that can be directly accessed from the Internet.

If remote access is required, consider using VPN, SSH, or other secure access methods and, again, be sure to change default passwords.

Help yourself and your business stay protected.

Read More ›