- Device Hardening

Question 1

Changing default credentials

Answer 1

Changing default credentials
• Most devices have default usernames
and passwords
• Change yours!

Question 2

Avoid common passwords

Answer 2

Avoid common passwords
• People use common words as passwords
• You can find them in the dictionary

Question 3

Upgrading firmware

Answer 3

Upgrading firmware
• Many network devices do not use
a traditional operating system
• All updates are made to firmware

Question 4

File hashing

Answer 4

File hashing
• Hashing represents data as a short string of text
• A message digest

Question 5

Disabling unnecessary services

Answer 5

Disabling unnecessary services
• Every service has the potential for trouble
• The worst vulnerabilities are 0-day

Question 6

Watching the network

Answer 6

Watching the network
• There’s a wealth of information in the packets
• Some of it is very sensitive informatio

Question 7

Secure protocols

Answer 7

Secure protocols
• SSH - Secure Shell
• Terminal sessions; use instead of Telnet

Question 8

Generating new keys

Answer 8

Generating new keys
• We communicate to network devices
over encrypted channels
• HTTPS, SSH

Question 9

Disabling unused TCP and UDP ports

Answer 9

Disabling unused TCP and UDP ports
• Control traffic based on data within the content
• Data in the packets

Question 10

Disabling unused interfaces

Answer 10

Disabling unused interfaces
• Enabled physical ports
• Conference rooms
• Break rooms

Question 11

Restricting access via ACLs

Answer 11

Restricting access via ACLs
• Use device ACLs to limit access to important
infrastructure devices
• Only admins should be able to login

Question 12

Honeypots

Answer 12

Honeypots

• Attract the bad guys - and trap them there

Question 13

Penetration testing

Answer 13

Penetration testing
• Pentest
• Simulate an attack