Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/25/2012
06:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Survey: 38% Of SMB professionals Must Run Telnet

Respondents were asked how their companies handled five insecure network configurations

SAN FRANCISCO, CA -- October 25, 2012 -- nCircle, the leader in information risk and security performance management, today announced the results of the company's "The Devil in the Defaults" study. In the study, over 100 small to mid-sized business IT professionals were asked how their companies handled five insecure network configurations that nCircle professionals state should be turned off: SNMP default community strings, SSHv1, SSLv2, Telnet and weak TLS ciphers.

Key findings from the study include:

61% of respondents were either unaware of SNMP default community strings on their network or say their business is required to run it.

58% of respondents were either unaware of SSHv1 on their network or say their business is required to run it.

64% of respondents were either unaware of SSLv2 on their networks or say their business is required to run it.

38% of respondents say their business is required to run Telnet.

67% of respondents say they were either unaware of weak TLS ciphers on their networks or say their business is required to run it.

"The only plausible reason to run Telnet is because a business partner requires it. In that case, IT professionals need to push aggressively to find another partner. There's just no way to make Telnet secure," said Andrew Storms, director of IT and security operations for nCircle. "It's also discouraging to see so many small businesses that aren't sure if they have insecure settings on their networks, since we know hackers are targeting these businesses aggressively."

The study was conducted online and through webinars between September 18 and October 18, 2012. To view the complete study, please visit: http://www.ncircle.com/index.php?s=resources_surveys_Devil-is-in-the-Defaults-2012.

About nCircle

nCircle is the leading provider of information risk and security performance management solutions to more than 6,500 businesses and government agencies worldwide. nCircle solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer's premises, as a cloud-based service, or in combination, for maximum flexibility and value.

nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership and has been ranked among the top 100 best places to work in the San Francisco Bay Area. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. To learn how you can more effectively protect your company visit us at http://www.ncircle.com.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24119
PUBLISHED: 2021-05-14
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
CVE-2020-27833
PUBLISHED: 2021-05-14
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first c...
CVE-2021-22866
PUBLISHED: 2021-05-14
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App o...
CVE-2021-27737
PUBLISHED: 2021-05-14
Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.
CVE-2021-32054
PUBLISHED: 2021-05-14
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.