Re: Default Passwords for World Wide Packets/Lightning Edge Equipment

[Joe Greco <jgreco () ns sol net>]

> On Wed, Jan 06, 2010 at 10:45:32PM -0600, Joe Greco wrote:
> > > On Wed, Jan 6, 2010 at 7:19 PM, Dobbins, Roland <rdobbins () arbor net> wrote:
> > > > Which goes to show that they just really don't get it when it comes to security. ?Maybe they  should look here 
> > > > at all the entries for 'default credentials':
> > >
> > > Roland, this isn't the home wi-fi market we're talking about.  Anyone
> > > that's going to buy one of these puppies is going to have a clue about
> > > putting their password in. 
> >
> > You apparently missed the recent thread on NANOG where this guy was asking
> > for some help with "Default Passwords for World Wide Packets/Lightning Edge
> > Equipment" ...  apparently not everyone has the "clue" you expect them to.
>
> To be fair, he was just asking about factory resetting the device because
> the current password was unknown, then reconfiguring the device (I'm willing
> to be generous and assume that the reconfiguration included setting a new,
> secure password).

But that's my point.  Someone who is presumably reasonably clueful had
a problem determining what a predefined default password for a given 
device is.  If it's difficult to determine THAT, what sort of chance
does an engineer/admin have when he doesn't even possess the manual for
the device, and it requires some more clever and sophisticated serial-
number based method?

The fact that someone has purchased some extremely expensive device does
not guarantee that the next guy who has to run it will magically be able
to figure it all out.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.