Hello everyone, welcome to the show "Ethical Hacking", episode 81. Today we are going to discuss about securing network devices. Network devices include things like switches, routers, firewalls, IDS, IPS, and more. Each of these different devices has its own vulnerabilities that have to be addressed. But for the security, we're going to focus on the most common vulnerabilities across all of these different devices.

The first vulnerability we're going to talk about is default accounts. These are accounts that exist on a device straight out of the box when you buy it. So for example, if you buy a small office, home office wireless access point, like a Linksys or a D-Link, or something like that, it's going to have some accounts already established on there. It might have one like admin or administrator or user, or something of that nature. All of these default accounts are very easy to figure out and very easy to guess. And so it's important for you to actually change these names so that they're not something that an attacker can easily guess. And then all they have to do is guess your password.

Now, this applies to your organizations as well. You want to make sure that your naming schemes aren't really easy to guess. Unfortunately, though, most organizations are going to use a common naming scheme for all of their users. For example, most organizations like to use first name dot last name. So if your name was Vijay Kumar like me, you're [email protected]. Sometimes they'll do something like [email protected], where it's the first letter and the last name. Any of these make for a great, normal, easy to understand naming scheme. That makes operations very easy. But it also makes it fairly easy to guess. Because if I see that [email protected] is one email, then I can probably guess that Susan.Smith is also there. Or whoever else I'm dealing with. You want to make sure you're thinking about this and you're starting to add diversity, and making sure that those default user names are changed.

Now, the next thing you want to think about is the device user name as well. There's defaults for this too. I've seen people call them router or switch as the user names. That's not a good plan either. When you're creating a device account, you want it to be something more complex. So maybe it's rtr for router with a couple of numbers after it. Something that's not easily guessable. That's what I'm talking about here as we try to change these default accounts.

The next issue we have goes right along with default accounts: it's weak passwords. Don't leave passwords as their default. For instance, those Linksys routers we all have, they're admin for user, admin for password. That is horrible. We also don't want to use any words that are in the dictionary. Your passwords need to be long, strong and complex: at least 14 characters long, with upper case, lower case, special characters and numbers. By having this mixture, it's going to increase the time it takes to brute force that password, and make it much harder for an attacker to break in to your network.

So for example, if I have the password of password, which is all lower case, I'm only using 26 different options because lower case letters are A through Z. And so if I look at that, that's considered a weak password. If I add some upper case to it, now I have 52 characters because I have upper case and lower case. So I have something like password, where the P, the S's and the D's are upper case and the other letters are lower case. If I want to make it even more secure, I can add numbers to that. And I'll change out the S's for fives and the Os for zeroes, things like that. And this is going to give us more choices, again, because we have 26 lower case, 26 upper case and 10 numbers, zero through nine. But if we want it to be the best and most secure that it possibly can be, we want to add symbols to this too. And so now we're going to get something like 70 different options.
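The account and password rules from this episode, written as a device-credential audit. This is an added example, not part of the episode; the username and word lists are constructed samples, the symbol set is assumed to be the 32 ASCII punctuation characters, and treating the 5-for-S and 0-for-O swaps as still dictionary-derived is an assumption of this check.

```python
import math
import string

# Constructed sample data (assumptions, not taken from any vendor list).
DEFAULT_USERNAMES = {"admin", "administrator", "user", "router", "switch"}
DICTIONARY = {"password", "admin", "router", "switch", "welcome"}
MIN_LENGTH = 14  # minimum length stated in the episode
UNLEET = str.maketrans({"5": "s", "0": "o"})  # the swaps the episode mentions


def pool_size(password):
    """Size of the character pool implied by the classes present."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols (assumption)
    return size


def keyspace_bits(password):
    """log2(pool_size ** length): an upper bound on brute-force work."""
    size = pool_size(password)
    return len(password) * math.log2(size) if size else 0.0


def audit(username, password):
    """Return the list of policy findings for one device account."""
    findings = []
    if username.lower() in DEFAULT_USERNAMES:
        findings.append("default-username")
    if password.lower() == username.lower():
        findings.append("password-equals-username")
    if len(password) < MIN_LENGTH:
        findings.append("too-short")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in password) for cls in classes):
        findings.append("missing-character-class")
    # Undo the common swaps before the dictionary lookup.
    if password.lower().translate(UNLEET) in DICTIONARY:
        findings.append("dictionary-word")
    return findings
```

The keyspace figure only holds when the characters are chosen at random, which is why the dictionary check runs separately from the pool-size calculation.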

The podcast and the associated cover image on this page belong to vijaykumar Devireddy. The content of the podcast is created by vijaykumar Devireddy and not by, or together with, Poddtoppen.