Dark Reading is part of the Informa Tech Division of Informa PLC


6 Dangerous Defaults Attackers Love (and You Should Know)

Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.


Plug and play is an alluring promise and a dangerous reality when it comes to devices attached to an enterprise network. It's great when the device is able to handle all the network protocols and handshaking without human intervention. But when those humans get swept up in the exhilaration of the plug-and-play moment and forget to change some widely known defaults, the convenience can quickly become a vulnerability.
When most people think of dangerous defaults, they think about admin account names and passwords. There's no question that these widely available credentials that ship as defaults on devices can be significant vulnerabilities if they aren't changed during initial configuration (as pretty much every vendor suggests you do). But there are other configuration items that can be just as dangerous in slightly different ways.
There have been numerous incidents in which the default configuration of cloud services or applications left both the infrastructure and data vulnerable to attack. One could paint with an overly broad brush and treat any configuration default containing the word 'public' as a threat. But vendors and service providers have been closing those vulnerabilities, and they are now far less common than they were in the middle of the 2010s.
Before getting into the specifics of some of the defaults that should be on security pros' radar screens, we should say without reservation that no default username or password should ever survive the initial setup session. In a reasonable world (we won't stretch as far as 'perfect'), everyone setting up a service, application, or piece of hardware would change the admin username and password as soon as the configuration scripts allow — so we can agree that if the things that follow are a vulnerability, something has gone wrong in the process.
With that said, humans — and human-created processes — are fallible. Just in case your organization has either humans or processes that are susceptible to failure, here are a half-dozen products and services that you should look for on network scans. And to be sure — if you can find them, the odds are reasonably good that a curious hacker with access to Shodan can find them, too.  
(Image: momius via Adobe Stock)


Curtis Franklin Jr. is Senior Analyst at Omdia, focusing on enterprise security management. Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications ...