A piece of advice: never keep the default settings on your devices or networks. This should be rule number one when starting up a device or when installing a wifi network in your company. The initial configuration of devices, networks, or software is aimed at usability rather than security, but this trade-off comes at a great risk.
By taking the easy route and accepting the default settings when using a device for the first time, we might as well serve up our company’s confidential information on a silver platter. In fact, a quick internet search could allow cyberattackers to find the access credentials of certain devices, such as routers or videocameras.
The router is the main gateway to your network, and also to all devices connected to it. Therefore, someone who has obtained your router’s key could change the settings and hijack the network, leaving you without access. But that’s not the worst of it. Anyone with certain know-how will be able to access wifi-connected devices and steal confidential information. Keeping the default settings is a mistake that could be detrimental not only for the device in question, but also for the entire company.
The Challenge of Security in the Age of the IoT
Despite the great advantages that the Internet of Things will entail, having hundreds of connected devices will require security managers to monitor hundreds of potential vulnerabilities. And keeping the default settings with these devices is also a big mistake, as demonstrated by the massive DDoS attack perpetrated by the Mirai botnet. This botnet was designed to scan the Internet for devices with low levels of security, such as security cameras, and access them by testing passwords as simple as “admin” or “12345”. Performing more than 60 checks of combinations of usernames and passwords, Mirai was able to access almost 400,000 devices. This attack could have been avoided if hardware manufacturers required users to change the default password of their products. In turn, business leaders need to be aware that IoT devices, such as security cameras or thermostats, are potential attack vectors. Although the device itself does not contain valuable information, it is likely that it is connected to a network with access to the company’s internal files.
Be Selective About Which Programs Your Employees Use
Changing the default password is not the only measure that will help increase the degree of your company’s security. IT managers must also assess what programs and applications employees need and which they don’t, looking especially for those which can pose a threat to corporate security. In addition to selecting the most suitable applications, they must also tinker with the configuration of each device in order to strengthen security.
By selecting the essential software for our employees’ daily routine and keeping it updated, we minimize the risk of threats due to vulnerabilities in the tools they use. In this way, we will be limiting cybercriminals’ possible access points.
Although changing the configuration is an important step to obstructing potential cyberattacks, it is essential to make use of advanced cybersecurity methods that anticipate malicious behavior and trigger protection systems before the malware has the chance to run.
The post Default Configuration = Insecure Configuration appeared first on Panda Security Mediacenter.
Source: Panda
Source: IT News