
Securing Access to Critical Network Devices

Many organisations lack a clear policy on the management of administrator access to critical network devices. This can put the organisation at risk of network compromise due to insecure, shared or default system accounts. It also presents an issue for ongoing support and maintenance of the platform when staff leave or when devices fail.

If you’re concerned about how you’re managing access to your critical infrastructure, ask yourself the following questions:

Do you use vendor default accounts to login to switches, routers, firewalls and wireless controllers?

Vendor defaults are one of the first combinations an attacker will try when attempting to access a network device. By leaving system defaults in place you’re greatly increasing the risk of unauthorised network access. Once an attacker is on your LAN, all traffic can potentially be intercepted.

Do you use static admin accounts and passwords on your devices?

Who knows these logins? Are they saved in logs or config backups within insecure locations? Could an attacker easily locate this information on whiteboards or chat logs?

Do you have a policy to regularly change admin accounts on devices?

Have you got the same admin account today that you had when you started? How many staff who know this account login have left the organisation? Is that password on the whiteboard still valid? Regularly changing static passwords reduces the risk of unauthorised access, but this can be a burden, so how can you achieve it? We can assist with automated solutions to manage password rotation.

Do you know who is accessing devices and when?

Are you logging access to network devices? Who is accessing your devices? Are they accessing them outside of normal business hours? What are they doing when they are connected? If a change is made to a firewall to permit an insecure traffic flow, do you know who made the change and why?

Is KeePass or Excel your password management solution?

Whilst these solutions might be great for personal use, what happens when an employee leaves the organisation? How do you control access to passwords for staff who don’t need access? What happens if this file is lost or corrupted?

The core switch has failed – who knows the password?

Ever had this problem? Being unable to locate a device password during an outage or network security event can greatly increase risk and downtime during an already stressful time.

How can you improve this situation?

Contact Prosec Network Solutions to discuss how we can address the concerns above and reduce the risk to your organisation.

We can offer a range of solutions such as:

  • Centralised and Integrated Administrator Authentication using Active Directory and ClearPass Policy Manager
  • Command authorisation and logging policies for critical network devices
  • RADIUS and TACACS+ policy administration and device integration
  • Secure Enterprise password management solutions such as BeyondTrust Password Safe