mailing list archives
Re: Bay Networks Security Hole
From: gert () GREENIE MUC DE (Gert Doering)
Date: Thu, 14 May 1998 20:00:43 +0200
Kirby Dolak wrote:
2. Bay recommends that both accounts (User and Manager) have passwords
assigned. Both have default/null passwords as they ship from the factory,
just like a Unix system. The administrator should immediately take
measures to secure the system, at initial system install, so that an
unauthenticated user/manager doesn't have
access to device management information, such as the community names and
addresses via telnet/console.
I like the way Cisco approaches this issue.
Unless you set a login password, or enable some kind of "aaa authentication"
service, you CANNOT LOGIN AT ALL over network.
And if you are logged in to an unprivileged account, you cannot become
superuser unless you have already set the enable password from the console.
This is VERY good.
No need to "recommend" anything, it's just "secure out of the box". If
you neglect to configure the password, it just isn't accessible at all
(except from the physical console).
USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany gert () greenie muc de
fax: +49-89-35655025 gert.doering () physik tu-muenchen de