It's been widely reported that Czech security experts recently uncovered a large botnet that exploited the weak and default passwords of many broadband routers and DSL/Cable modems. The impact? DNS redirects to malware sites, DDoS attacks and data leakage for many unsuspecting broadband users. Don't let this happen to externally-facing gear in your datacenter. There are a couple of easy and free ways to pen test your network.
It's really easy to get bit by the default password bug. Almost every device your network today is web manageable, and while most of those devices are not accessible from the internet, they are still accessible by infected machines internal to your network. Take your standard off the shelf APC UPS, for example. As I often do, I did a sweep of a particular IP subnet on my network recently, and I discovered that there was a new APC UPS hanging off my network, listening on port 80. I popped open a browser to the UPS, and like clockwork, was able to logon with the default password of apc/apc. So what's the big deal here? Well, via the UI you can put the UPS into bypass. So someone with nefarious intentions could certainly have caused me some grief had I actually lost AC power.
Realistically, if you're crunched for time, focus your efforts on your firewalls, routers and network services that you're static NAT'ing (or PAT'ing for that matter) through your firewall. You don't need to guess at default passwords, they're well documented right here.
Fire up a laptop outside your network, and run an IP Scanner utility like Angry IP Scanner against your external IP block. In your scan, define the ports that can be used to manage any devices, like http, telnet or ssh for example. If any device is listening on those ports, connect on those ports and test out the devices against the default password database.
If you're a seasoned security pro, this probably all sounds like a waste of time, but if you're sharing the responsibility of managing your network with 10 other admins, then this process is worthwhile. It only takes a slip-up from one person to cause lots of grief for the entire team. If you have the time, move your testing to the inside of your network and look for other devices that may have default passwords still left configured. It's not out of the ordinary at all for organizations to light up edge switches with the default passwords still left intact, and a little effort can go a long way for hardening your network. If you've used any good penetration testing, or if you have any horror stories to share, let us know!Randy George has covered a wide range of network infrastructure and information security topics in his 4 years as a regular InformationWeek and Network Computing contributor. He has 13 years of experience in enterprise IT, and has spent the last 8 years working as a ... View Full Bio