Now that you have good, strong passwords, it’s time to start looking at where you implemented them. You remember Bob Williams, right? Sure you do, the other article is only a day old. He works for a high-profile law enforcement agency. Naturally that agency has a lot of information on its workstations and servers that some people would love to get their hands on, tamper with or erase. Bob read the previous article I wrote about password strategies and adjusted his passwords accordingly. The next day he spoke to his chief at work and had an email sent out to everyone in the building with guidelines their new passwords had to meet. A few days later there was a staff meeting that went over the new password requirements and urged everyone to adjust their passwords accordingly. Everyone reported back saying they had changed their workstation, email and server account passwords. Great!
A few days later the local office got hacked and some files were taken.
How did this happen?! An investigation was launched and here are its results:
Hackers found a way into the network through an unsecured device. After a closer look they found a few printers, routers and security cameras with their default factory names and passwords still set. Name: Admin, Password: Admin, stuff like that. Super easy for someone to exploit. Once the hacker made his way into the local network he stole all the encrypted password hashes from the servers and workstations. He took a few days and was able to crack 5 of the passwords in the list. Sadly one of them was Sandra’s. Sandra was on leave during this whole password change implementation and had not caught up on her emails yet, so she was still using her old password “drowssap1” (password spelled backwards). Easy to crack. The hacker gained entry to the network again, used Sandra’s login credentials to gain access to the server, re-activated a dormant account and gave himself full access permissions. The dormant account was Bobby’s. He got canned a few months ago but his disabled user account was still in the server directory.
So, quite a mess. In this scenario a few weak points were detected in the network and the hacker took full advantage. After immediately bringing in security experts to fix these vulnerabilities, they have not had unauthorized network intrusions since.
• All user accounts were forced to set a new password meeting strict guidelines. Tests were done and any account with a weak password was disabled immediately until a proper password was set. These tests are now done monthly.
• Every device connected to the network had its factory default accounts disabled or adjusted.
• The server directory is now cleaned up and checked almost daily. As soon as an account is no longer needed it is permanently deleted.
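A recurring check like the ones in this list can be scripted. The sketch below is an added example, not something from the agency in the story: it reads a constructed account list and flags the two account problems from the investigation, a password that predates the new rules (Sandra) and a former employee's account still sitting in the directory (Bobby). The field names, dates and policy date are assumptions, and it checks the password change date, not password strength.

```python
from datetime import date

# Constructed sample directory export (names follow the story; dates are made up).
ACCOUNTS = [
    {"user": "bob", "enabled": True, "admin": False,
     "pwd_set": date(2024, 5, 6), "departed": None},
    {"user": "sandra", "enabled": True, "admin": False,
     "pwd_set": date(2023, 11, 2), "departed": None},
    {"user": "bobby", "enabled": False, "admin": False,
     "pwd_set": date(2023, 8, 15), "departed": date(2024, 1, 31)},
]


def audit(accounts, policy_date):
    """Return (user, finding, action) tuples for accounts that need attention."""
    findings = []
    for acct in accounts:
        if acct["departed"] is not None:
            # Accounts of people who left should be gone from the directory.
            # One that is enabled or has admin rights is urgent: that is the
            # state Bobby's account was in after it was re-activated.
            if acct["enabled"] or acct["admin"]:
                findings.append((acct["user"],
                                 "leaver account enabled or privileged",
                                 "disable now, investigate, delete"))
            else:
                findings.append((acct["user"],
                                 "leaver account still in directory",
                                 "delete"))
            continue
        # Active staff: the password must have been changed after the new
        # rules took effect, otherwise the old (possibly weak) one is in use.
        if acct["enabled"] and acct["pwd_set"] < policy_date:
            findings.append((acct["user"],
                             "password older than policy date",
                             "disable until reset"))
    return findings


def main():
    policy_date = date(2024, 5, 1)  # assumed date the new password rules began
    for user, finding, action in audit(ACCOUNTS, policy_date):
        print(f"{user:8} {finding:38} -> {action}")


if __name__ == "__main__":
    main()
```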
Now that you have solid passwords set for all the most used stuff (computer, email, Facebook, Twitter, wifi network etc.) it is time to start looking at all the devices you may have never thought about. Even for the ones that you’d never expect anyone to ever connect to, chances are it’s already been done.
• Printers and faxes connected to the network.
• Routers, especially those with guest networks set up.
• Modems with built-in routers.
• IP security cameras.
• Home security that connects to the internet.
• Thermostats that connect to the wifi.
• Network storage devices (NAS).