Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/25/2012
06:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Survey: 38% Of SMB professionals Must Run Telnet

Respondents were asked how their companies handled five insecure network configurations

SAN FRANCISCO, CA -- October 25, 2012 -- nCircle, the leader in information risk and security performance management, today announced the results of the company's "The Devil in the Defaults" study. In the study, over 100 small to mid-sized business IT professionals were asked how their companies handled five insecure network configurations that nCircle professionals state should be turned off: SNMP default community strings, SSHv1, SSLv2, Telnet and weak TLS ciphers.

Key findings from the study include:

61% of respondents were either unaware of SNMP default community strings on their network or say their business is required to run it.

58% of respondents were either unaware of SSHv1 on their network or say their business is required to run it.

64% of respondents were either unaware of SSLv2 on their networks or say their business is required to run it.

38% of respondents say their business is required to run Telnet.

67% of respondents say they were either unaware of weak TLS ciphers on their networks or say their business is required to run it.

"The only plausible reason to run Telnet is because a business partner requires it. In that case, IT professionals need to push aggressively to find another partner. There's just no way to make Telnet secure," said Andrew Storms, director of IT and security operations for nCircle. "It's also discouraging to see so many small businesses that aren't sure if they have insecure settings on their networks, since we know hackers are targeting these businesses aggressively."

The study was conducted online and through webinars between September 18 and October 18, 2012. To view the complete study, please visit: http://www.ncircle.com/index.php?s=resources_surveys_Devil-is-in-the-Defaults-2012.

About nCircle

nCircle is the leading provider of information risk and security performance management solutions to more than 6,500 businesses and government agencies worldwide. nCircle solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer's premises, as a cloud-based service, or in combination, for maximum flexibility and value.

nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership and has been ranked among the top 100 best places to work in the San Francisco Bay Area. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. To learn how you can more effectively protect your company visit us at http://www.ncircle.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...