I was doing a tech assessment for a prospect the other day and found a few things.
On first pass these might not seem like big things.
But sometimes a series of small missteps can lead to a big fall.
One thing I noticed was that all of their network equipment was still set to the default password.
But the problem ran much deeper.
You see, no one has ever actually logged in to their network equipment.
No configuration was ever done.
It appears that the network equipment was just plugged, turned on, and then left there.
No tech telemetry was set up on the devices.
It’s as if someone just racked the gear, plugged the stuff in, and left.
So what’s the downside?
This default password issue persisted in other areas.
The most concerning being the server.
The servers remote access card was still set with once again - the default password.
I was able to quickly login to the server and see the server internals.
Meaning that from this location.
If I was a bad guy.
I could basically take down the server.
One might argue that this client is behind a firewall and so the ability to hack into these devices is minimized.
And that would be a correct statement.
But if you consider that this business is in a corporate office building alongside several other businesses.
That their Wi-Fi is broadcast into the hallways.
That there are people walking around the business complex all of the time,
And that this business provides trusted services to other business.
Makes this business a prime target.
All it would’ve taken to mitigate these issues would have been for the person who installed equipment to set new passwords on the equipment and document it.
And then of course - install some tech telemetry.
This business would then be more secure and better maintained.
As usual, I found more stuff then just devices with default passwords that had never been logged into.
But that’s for another day.
When you find out that your IT provider leave things undone it makes you wonder what else have they left undone.
Don’t leave your tech undone.
Hire a tech provider that gets things done right the first time.