Miscreants sweep internet for unpatched Cisco kit, fears over bugged Chinese parts, Roger Stone nabbed...

Lee D Silver badge

"You don't have to be authenticated, you just have to be able to reach the router's web-based management portal."

And why would you have that visible remotely over a plain Internet connection, or indeed internally unless you're on an administrative VLAN?

It's the ridiculous logistical arrangements that companies decide to use that cause security problems, much more than the fact that someone may have found a small hole?

It's time we made systems that *ACTIVELY* prevented their poor implementation. Like refusing to expose administrative web consoles on any Internet-facing connection, enforcing administrative action only over a physically separated console cable (like we always used to do!), refusing to activate service until passwords have been changed from the default, etc.

Biting the hand that feeds IT © 1998–2021