
10/25/2012
06:30 PM
Dark Reading
Products and Releases

Survey: 38% Of SMB Professionals Must Run Telnet

Respondents were asked how their companies handled five insecure network configurations

SAN FRANCISCO, CA -- October 25, 2012 -- nCircle, the leader in information risk and security performance management, today announced the results of the company's "The Devil in the Defaults" study. In the study, over 100 small to mid-sized business IT professionals were asked how their companies handled five insecure network configurations that nCircle professionals state should be turned off: SNMP default community strings, SSHv1, SSLv2, Telnet and weak TLS ciphers.

Key findings from the study include:

61% of respondents were either unaware of SNMP default community strings on their network or say their business is required to run it.

58% of respondents were either unaware of SSHv1 on their network or say their business is required to run it.

64% of respondents were either unaware of SSLv2 on their networks or say their business is required to run it.

38% of respondents say their business is required to run Telnet.

67% of respondents say they were either unaware of weak TLS ciphers on their networks or say their business is required to run it.

"The only plausible reason to run Telnet is because a business partner requires it. In that case, IT professionals need to push aggressively to find another partner. There's just no way to make Telnet secure," said Andrew Storms, director of IT and security operations for nCircle. "It's also discouraging to see so many small businesses that aren't sure if they have insecure settings on their networks, since we know hackers are targeting these businesses aggressively."

The study was conducted online and through webinars between September 18 and October 18, 2012. To view the complete study, please visit: http://www.ncircle.com/index.php?s=resources_surveys_Devil-is-in-the-Defaults-2012.

About nCircle

nCircle is the leading provider of information risk and security performance management solutions to more than 6,500 businesses and government agencies worldwide. nCircle solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer's premises, as a cloud-based service, or in combination, for maximum flexibility and value.

nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership and has been ranked among the top 100 best places to work in the San Francisco Bay Area. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. To learn how you can more effectively protect your company visit us at http://www.ncircle.com.
