T 4.49 Insecure default settings on routers and switches

Active network components are often delivered by the manufacturer with insecure default configurations, which jeopardises the secure use of the component. Furthermore, on some devices the system commands for displaying the configuration do not show all parameters.

The following aspects are often problematic:

Operating system

Active network components are often delivered with an outdated version of the operating system.

Hostname

Default hostnames often betray the name of the manufacturer of the devices.

Services

Devices are usually delivered with a default factory configuration in which numerous services are enabled. For example, these may include HTTP, Telnet, FINGER, or other services.

User accounts and passwords

The user accounts set up at the factory often use documented and therefore generally known default user names and default passwords. Lists of manufacturer-specific default accounts and passwords can be downloaded from the internet.

Insecure SNMP versions

Authentication is performed in SNMPv1 and SNMPv2 using only a single plain-text community string. Almost all manufacturers set the default read community string to "public", while the write community string is usually set to "private". If one of the insecure SNMP versions is used and a separate administration network was not set up for administration purposes, an attacker may easily gain control over the network components if these default settings remain enabled.

Routing protocols

Routing protocols are enabled by default on routers and switches of different manufacturers.

Login banners

By default, the login banners of various devices give away, for example, the model or version number of the device. This information may be used to select known exploits in a targeted manner and thus makes it easier for attackers to perform attacks.
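
The aspects listed above can be checked against a saved device configuration. The following is an added example, not part of the original catalogue entry: it assumes IOS-style command syntax, a constructed sample configuration, and assumed factory hostnames, and its banner check is a simple heuristic. Because display commands may omit parameters, a service with no matching line is reported as "not shown" rather than as disabled.

```python
import re

# Constructed sample, IOS-style syntax (an assumption; adapt patterns per vendor).
SAMPLE_CONFIG = """\
hostname Router
ip http server
no ip finger
snmp-server community public RO
snmp-server community private RW
router rip
banner login ^C ExampleVendor X1000 software 1.2 ^C
line vty 0 4
 transport input telnet
"""

# Services named in the text: (explicit "enabled" pattern, explicit "disabled" pattern).
SERVICES = {
    "HTTP": (r"^ip http server$", r"^no ip http server$"),
    "FINGER": (r"^(ip finger|service finger)$", r"^no (ip finger|service finger)$"),
    "Telnet": (r"^transport input .*\b(telnet|all)\b", r"^transport input (ssh|none)$"),
}
DEFAULT_COMMUNITIES = {"public", "private"}
DEFAULT_HOSTNAMES = {"router", "switch"}  # assumed examples of factory hostnames


def audit(config: str) -> dict:
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = {"services": {}, "snmp": [], "hostname": None, "routing": [], "banner": []}
    for name, (on, off) in SERVICES.items():
        if any(re.search(on, l) for l in lines):
            state = "enabled"
        elif any(re.search(off, l) for l in lines):
            state = "disabled"
        else:
            # Not shown does not mean off: the display command may omit defaults.
            state = "not shown"
        findings["services"][name] = state
    for l in lines:
        if m := re.match(r"snmp-server community (\S+)", l):
            if m.group(1).lower() in DEFAULT_COMMUNITIES:
                findings["snmp"].append(m.group(1))
        elif m := re.match(r"hostname (\S+)", l):
            if m.group(1).lower() in DEFAULT_HOSTNAMES:
                findings["hostname"] = m.group(1)
        elif m := re.match(r"router (\S+)", l):
            findings["routing"].append(m.group(1))
        elif l.startswith("banner ") and re.search(r"\d+\.\d+|software|version", l, re.I):
            findings["banner"].append(l)
    return findings
```

Any service reported as "not shown" should be verified on the device itself, for example by checking which ports actually accept connections from the administration network.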