One of the most significant technical concerns in information security and assurance is what we have come to call the three P’s – Passwords, Patching and Ports.
Default and weak passwords continue to impact organizations, especially on companies’ internal networks. These weak passwords, open network shares, blank usernames and other “default” and “weak” access points allow unauthorized access by internal employees and potential “hackers.” Companies continue to have difficulty putting a policy or process in place to enforce and manage these basic vulnerabilities.
The First P – Passwords: Active Directory and password complexity have helped with this problem but often do not provide enforcement for the entire organization. Cisco routers and switches are typically the responsibility of a different group, and often one administrator has access to many, many systems using a weak or easily guessed password so that they can access these systems without forgetting their password or passwords. Password cracking activities reinforce this finding, often taking only seconds to crack these passwords.
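An added example, not part of the original post: a small audit over constructed Cisco IOS-style configuration text that flags cleartext and type 7 passwords, values on a deny-list, and the same credential appearing on more than one device. The device names, sample values and deny-list are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample configurations (device names and values are made up).
SAMPLE_CONFIGS = {
    "core-sw1": "enable password cisco\nusername admin password 0 cisco\n",
    "edge-rtr1": "enable secret 9 $9$EXAMPLEONLY\nline vty 0 4\n password 7 00EXAMPLE00\n",
    "dist-sw2": "hostname dist-sw2\nenable password cisco\n",
}
# Assumed deny-list of default or easily guessed values; extend with your own.
DENYLIST = {"cisco", "admin", "password", "changeme"}

def parse_credentials(config):
    """Yield (keyword, type, value) for each password/secret line."""
    for line in config.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "no":
            continue
        for kw in ("password", "secret"):
            if kw in tokens:
                rest = tokens[tokens.index(kw) + 1:]
                if len(rest) == 2 and rest[0].isdigit():
                    yield kw, rest[0], rest[1]
                elif len(rest) == 1:
                    yield kw, "0", rest[0]  # no type given: stored as entered

def audit(configs):
    """Return sorted (device, finding) pairs without echoing any credential."""
    findings, seen = set(), defaultdict(set)
    for device, config in configs.items():
        for kw, ctype, value in parse_credentials(config):
            seen[(ctype, value)].add(device)
            if kw == "password" and ctype == "0":
                findings.add((device, "cleartext password in config"))
                if value.lower() in DENYLIST:
                    findings.add((device, "default or easily guessed password"))
            elif ctype == "7":
                findings.add((device, "type 7 password (reversible encoding)"))
    # An identical stored credential on several devices indicates reuse.
    for devices in seen.values():
        if len(devices) > 1:
            for device in devices:
                findings.add((device, f"credential shared with {len(devices) - 1} other device(s)"))
    return sorted(findings)

if __name__ == "__main__":
    for device, finding in audit(SAMPLE_CONFIGS):
        print(f"{device}: {finding}")
```

Reuse is detected only when the stored strings are identical, so the same password saved under different type 7 encodings or salted hashes will not be matched.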
More to come tomorrow on the second P – Patching…
Tim is a Senior Security Consultant at Zensar