nanog mailing list archives
RE: Default Passwords for World Wide Packets/Lightning Edge Equipment
From: Nathan Eisenberg <nathan () atlasnetworks us>
Date: Wed, 6 Jan 2010 01:49:47 -0800
Right - what I'm saying is the fact that there are default passwords at all is horribly insecure, and that the vendor in question should be prodded to change this dangerous practice.
I don't see how there's a security problem with equipment coming from the factory with factory default passwords. In my opinion, a breach caused by a reset of equipment to default configuration/passwords would suggest far more basic security issues, which are not at all mitigated by eliminating the existence of default passwords. I generally try to mitigate the issues further down the stack. I doubt factory default passwords are going anywhere, but even if they did go away, I would still strictly control access to my management interfaces, as well as the reset holes on my equipment, and so I would argue that I would be no more or less secure than I am now. But maybe I'm missing something? Best Regards, Nathan Eisenberg
Current thread:
- Default Passwords for World Wide Packets/Lightning Edge Equipment Nathan Eisenberg (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Dobbins, Roland (Jan 06)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment Nathan Eisenberg (Jan 06)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment Nathan Eisenberg (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Dobbins, Roland (Jan 06)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment George Bonser (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Dobbins, Roland (Jan 06)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment George Bonser (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Steven Bellovin (Jan 06)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment Nathan Eisenberg (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Dobbins, Roland (Jan 06)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment Nathan Eisenberg (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Dobbins, Roland (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Jim Burwell (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment James Hess (Jan 06)