Default Passwords and What You Can Do About Them - Page 2

By  Kurt Seifried | Oct 16, 2000
Page 2 of 3   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

So, these are the existing solutions:

Assign no password and make the user login and create a password. Maybe configure the product so that it does not function until a password is entered. This would be quite effective and would definitely encourage people to put a password in. It would also cause problems, though, when users plug it in and it doesn't work immediately.
Assign a default password and make the user login and change the password. Maybe configure the product so that it does not function until a password is entered. This would be quite effective and would definitely encourage people to put a password in. It would also cause problems, though, when users plug it in and it doesn't work immediately. This is no better then the no- password option since the default password will be widely published at some point. Many vendors opt for this solution, assigning a default password and (usually) telling the user to log in and change it.
Assign a random password and make the user login and change the password. Maybe configure the product so that it does not function until a password is entered. This would be quite effective and would definitely encourage people to put a password in. This would also cause a lot of grief to users, though, since they may lose the paper with the serial number. Some vendors that sell servers with the OS pre-loaded do this to the admin accountsa good idea. One variation would be to put the database online, so when you plug in the serial number, out pops the default password that was assigned. This assumes the serial number was stamped onto the product physically, and cannot be found via the network, etc. This would be a relatively safe option.

Use some other mechanism, such as a token. For a product such as a router, design the authentication to support tokens and preload the product and the token with the same "secret". To login, the user needs the token to create the response to a challenge. This would be expensive, and somewhat difficult for many users, but it would make breaking into the equipment via the network exceedingly difficult.

seifried@securityportal.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >