Networking hardware, end user devices, switches, Wi-Fi, IoT and more all come with a default configuration, making it easier for the consumer to get them up and running. The initial setup of hardware and software is aimed at usability, not security. These defaults can create security holes.
What is a default configuration? A default configuration in hardware is a ready-made system with a set of standard specifications. For example, the computer you purchased will have a standardized pre-build of components such as video card, memory and storage, processing power and audio.
But default settings don’t only apply to the hardware components. It also means that there are services enabled or software installed on the device that you may not need. The log in username and password are standardized for all models as well.
Accepting the default configuration from the manufacturer without reviewing and changing it could lead to a dangerous security risk for your environment.
At the very least, change the default credentials. The manufacturer of an appliance makes this information publicly accessible and any hacker can attempt to infiltrate your environment if this is not secured.
How to protect yourself:
- Remove and disable unnecessary services and accounts.
- Change the default login and password. Use a strong password/passphrase that is not easily guessed.
- Disable auto-run features.
- Determine which settings and configurations are necessary for your organization. Create a baseline for this configuration in order to maintain security and control.