Device Hardening Flashcards

1
Q

Changing default credentials

A

  • Most devices have default usernames and passwords
    • Change yours!
  • The right credentials provide full control
    • Administrator access
  • Very easy to find the defaults for your WAP or router
    • http://www.routerpasswords.com

2
Q

Avoid common passwords

A
  • People use common words as passwords
    • You can find them in the dictionary
  • Brute force attackers start with the easy ones
    • password, ninja, football

  • Many common wordlists are available
    • Some are customized by language or line of work

3
Q

Upgrading firmware

A

  • Many network devices do not use a traditional operating system
    • All updates are made to firmware
  • The potential exists for security vulnerabilities
    • Upgrade the firmware to a non-vulnerable version
  • Plan for the unexpected
    • Always have a rollback plan
    • Save those firmware binaries
4
Q

File hashing

A
  • Hashing represents data as a short string of text
    • A message digest
  • Unique value
    • A hash is unique to a particular data structure
    • The hash will be different if the data changes
  • Verify a downloaded file (integrity)
    • Hashes may be provided on the download site
    • Compare the downloaded file hash with the posted hash value
5
Q

Disabling unnecessary services

A
  • Every service has the potential for trouble
    • The worst vulnerabilities are 0-day
  • “Unnecessary” isn’t always obvious
    • Windows 7 includes over 130 services by default
    • Windows 10 has over 240
  • This may require a lot of research
    • Many different sources
    • Don’t rely on the manufacturer
  • Trial and error may be necessary
    • Testing and monitoring
6
Q

Watching the network

A
  • There’s a wealth of information in the packets
    • Some of it is very sensitive information
  • It’s exceptionally easy to pull this out of the air
    • Your coffee break could cost you
  • Use encrypted protocols and technologies
    • Browser, email, terminal, file transfer, encrypted tunnels
7
Q

Secure protocols

A
  • SSH - Secure Shell
    • Terminal sessions; use instead of Telnet
  • SFTP - Secure (SSH) File Transfer Protocol
    • File transfer using SSH instead of FTP

  • SNMPv3 - Simple Network Management Protocol
    • Version 3 added encrypted communication instead of SNMPv1 and v2
  • TLS/SSL - Transport Layer Security / Secure Sockets Layer
    • HTTP inside of TLS is HTTPS
  • IPsec - Internet Protocol Security
    • Encrypt at the IP packet level
8
Q

Generating new keys

A

  • We communicate to network devices over encrypted channels
    • HTTPS, SSH
  • Encryption keys are usually managed on the device
    • SSL/TLS keys for HTTPS, SSH keys
  • Anyone with the key can potentially decrypt administrative sessions
    • Or gain access to the device
  • Update or change the keys during the installation
    • Have a formal policy to outline processes and procedures
9
Q

Disabling unused TCP and UDP ports

A
  • Control traffic based on data within the content
    • Data in the packets
  • Use a firewall to allow or restrict port numbers
    • TCP and UDP filtering
  • Firewall location
    • Personal/Software firewall
    • Network-based firewall
10
Q

Disabling unused interfaces

A
  • Enabled physical ports
    • Conference rooms
    • Break rooms
  • Administratively disable unused ports
    • More to maintain, but more secure

  • Network Access Control (NAC)
    • 802.1X controls
    • You can’t communicate unless you are authenticated
