[120919] in North American Network Operators' Group
RE: Default Passwords for World Wide Packets/Lightning Edge Equipment
daemon@ATHENA.MIT.EDU (Nathan Eisenberg)
Wed Jan 6 04:51:11 2010
From: Nathan Eisenberg <nathan@atlasnetworks.us>
To: NANOG list <nanog@nanog.org>
Date: Wed, 6 Jan 2010 01:49:47 -0800
In-Reply-To: <EE181B23-A68B-4B4F-A1C5-FADE37F1E617@arbor.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> Right - what I'm saying is the fact that there are default passwords at
> all is horribly insecure, and that the vendor in question should be
> prodded to change this dangerous practice.
I don't see how there's a security problem with equipment coming from the factory with factory default passwords.
In my opinion, a breach caused by a reset of equipment to default configuration/passwords would suggest far more basic security issues, which are not at all mitigated by eliminating the existence of default passwords.
I generally try to mitigate the issues further down the stack. I doubt factory default passwords are going anywhere, but even if they did go away, I would still strictly control access to my management interfaces, as well as the reset holes on my equipment, and so I would argue that I would be no more or less secure than I am now.
But maybe I'm missing something?
Best Regards,
Nathan Eisenberg