Nirvana

In the server room, I go to the KVM switch to access my servers. There I find all kinds of devices running, logged in - and completely unattended. Device #1 is a newly-built Win 2003 server in its default state; device #2 is the mail server, and is logged in; devices 3, 4 and 5 are my servers; and the other devices, one with a Cisco firewall dashboard on-screen, are all open for business. The one machine that was locked sat there like a magnet. For the fun of it I tried the administrator password from the servers I was working on and, would you believe it, I got in - they shared a common password! Absolute total hacking nirvana!

For my convenience, I needed remote command line access to my target servers to stop and start specific server processes. I'm not a lover of VNC, so I installed Netcat and configured it to run as a remote command shell. Absolute complete hacking orgasm!!!

So here I am, an Average Joe consultant, and after a very short time I have root access to everything that matters in that organization. I've essentially hacked nothing, in the electronic sense of the word.

Such trust is stunning, and very, very foolish. I'm a good guy, so I took it to the IT manager, who wasn't at all impressed that I raised the issue. Having completed my contract I went on to other things, returning to this firm several months later for a routine server health check.

I couldn't resist asking the obvious question: what had changed since my last visit? Well, I found that the servers were no longer left idly open as they had been before. But it didn't really matter, because they all still had the same administrator password.

Stop Being Polite, And Stop Worrying About Convenience!

The door that takes ten seconds to close is a gateway to any area that is subject to controlled access. Someone swipes their card, quickly swings the door open and walks through; this leaves an opportunity for illicit access by an intruder ghosting the door behind them.

Worse, consider the polite employee who sees a beautiful girl coming up behind him, laden with a heavy briefcase, and holds the door open with a smile. Or how about the network that hands a DHCP address to anyone who asks and then lets them plug in and play from any terminal?

How about the simple example of someone sitting at their desk and getting a call from "the IT department"? The warm voice says, "Hi there, I just need your username and password" - that probably wouldn't work, right? Well, what if the caller has scoped you out ahead of time, knows something about you or your family, and opens the conversation with "I was out with your wife at the book club last night, she was telling me all about such and such..."? This goes on for three minutes, and the target, too polite to say "Umm, sorry, but I don't actually know who the hell you are...", develops a sense of trust with the caller. When the "IT person" then drops the request for a password or similar, the target is much more likely to hand it over.
