Attacks/Breaches
10/25/2012
06:30 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Survey: 38% Of SMB professionals Must Run Telnet

Respondents were asked how their companies handled five insecure network configurations

SAN FRANCISCO, CA -- October 25, 2012 -- nCircle, the leader in information risk and security performance management, today announced the results of the company's "The Devil in the Defaults" study. In the study, over 100 small to mid-sized business IT professionals were asked how their companies handled five insecure network configurations that nCircle professionals state should be turned off: SNMP default community strings, SSHv1, SSLv2, Telnet and weak TLS ciphers.

Key findings from the study include:

61% of respondents were either unaware of SNMP default community strings on their network or say their business is required to run it.

58% of respondents were either unaware of SSHv1 on their network or say their business is required to run it.

64% of respondents were either unaware of SSLv2 on their networks or say their business is required to run it.

38% of respondents say their business is required to run Telnet.

67% of respondents say they were either unaware of weak TLS ciphers on their networks or say their business is required to run it.

"The only plausible reason to run Telnet is because a business partner requires it. In that case, IT professionals need to push aggressively to find another partner. There's just no way to make Telnet secure," said Andrew Storms, director of IT and security operations for nCircle. "It's also discouraging to see so many small businesses that aren't sure if they have insecure settings on their networks, since we know hackers are targeting these businesses aggressively."

The study was conducted online and through webinars between September 18 and October 18, 2012. To view the complete study, please visit: http://www.ncircle.com/index.php?s=resources_surveys_Devil-is-in-the-Defaults-2012.

About nCircle

nCircle is the leading provider of information risk and security performance management solutions to more than 6,500 businesses and government agencies worldwide. nCircle solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer's premises, as a cloud-based service, or in combination, for maximum flexibility and value.

nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership and has been ranked among the top 100 best places to work in the San Francisco Bay Area. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. To learn how you can more effectively protect your company visit us at http://www.ncircle.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web