nanog mailing list archives
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
From: Matthew Palmer <mpalmer () hezmatt org>
Date: Thu, 7 Jan 2010 12:54:22 +1100
On Wed, Jan 06, 2010 at 08:41:14PM -0500, Joel Esler wrote:
On Wed, Jan 6, 2010 at 8:26 PM, Steven Bellovin <smb () cs columbia edu> wrote:On Jan 6, 2010, at 6:24 PM, Jeffrey I. Schiller wrote:An option I saw years ago (I forgot on whose equipment) was a default password which was a function of the equipment's serial number. So you had to have the algorithm and you needed the serial number which was not related to the MAC. So if you didn't have physical access, you were not in a good position to learn the password. I suspect this was a support nightmare for the vendor and I bet they went to a more standard (read: the same) factory password. At the end of the day, minimizing support costs for the vendor (not to mention likely annoyance for the customer) trumps providing "default" security for the folks who won't change the default password.The MyFi apparently does this. According to http://www.nytimes.com/2009/05/07/technology/personaltech/07pogue.html"The network password is printed right there on the bottom of the MiFi itself."At least it's not "0000". But yes, my Mifi *had* the password on the bottom.
As long as the passwords are reasonably secure (ie not generated to a simple pattern that can be easily brute forced) and they can be changed, I'd consider that to be pretty reasonable security. As has been mentioned in this thread already, if someone's got physical access to your equipment you're dead in the water, security wise, so having the device-specific "factory" default password on the equipment is far more secure than having a single factory default password, whilst being *far* more user friendly than a hash-the-serial-number approach -- or even a "prompt for a password before I'll do anything" (which, I agree, is the most secure, but is still not very usable). For the record, all of my personal networking gear has the admin credentials (and whatever else I need to get into them, like IP addresses, etc) written on it. I don't trust myself to remember those over the years, and assuming that anything else is going to be working when I *need* to get into them seems awfully optimistic. - Matt
Current thread:
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment, (continued)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Joel Jaeggli (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Valdis . Kletnieks (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Jon Lewis (Jan 13)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment Nathan Eisenberg (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Barry Shein (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Matthew Palmer (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment gordon b slater (Jan 12)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Steven Bellovin (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Joel Esler (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Mark Foster (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Matthew Palmer (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Joe Hamelin (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Dobbins, Roland (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Dobbins, Roland (Jan 06)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment George Bonser (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Sean Donelan (Jan 07)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment Jason Shearer (Jan 07)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Joe Hamelin (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Joe Greco (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Matthew Palmer (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Joe Greco (Jan 06)