5 Aug
2018
5 Aug
'18
4:17 p.m.
Before, or as soon as you attach a piece of equipment
to our network
(or anywhere else, for that matter) IMMEDIATELY CHANGE THE PASSWORD.
Oh, and be careful when upgrading firmware: in far too
many devices
when you flash new firmware into it, the password gets reset to the
factory default. Be sure to check it afterwards!
But, do not see this as a reason to not upgrade firmware!
It is really important to keep firmware uptodate, as e.g. was seen in the recent
case of MikroTik routers being compromised because they were running firmware
before version 6.42.1 which has a vulnerability that allows a remote user to
retrieve the correct password from the router! This was fixed some time ago
(current version is 6.42.6) but people didn't upgrade, and their router became
infected with a botnet that essentially allows it do do anything.
In this case, it is also important to change the password after the upgrade,
not because it would be reset, but because it could be known to an attacker who
retrieved it before the upgrade. In that case they can still login after upgrade!
(more details on how to avoid such things can be found on the MikroTik forum, but
even the "cannot do! too difficult for me!" type of operator still can upgrade
the
software as this is only a matter of two clicks in the user interface)
Rob