Default Passwords & Credentials
Explore best practices for managing default passwords and credentials to reduce vulnerabilities. Learn to detect default credentials on network devices, apply provisioning checklists, and keep sensitive credentials out of source control. Discover tools for scanning secrets, enhancing your ability to secure systems against unauthorized access.
Default passwords
Default passwords are another kind of misconfiguration that saves attackers a lot of time and effort. They’re easy to exploit and easy to detect—just the kind of thing that attackers love. So we need to find them first. We can leverage the network inventory work we did in chapter 1 to give us a starting point for where to look. We’ll also want to include network infrastructure like switches. We’ll want to pay particular attention to anything that’s exposed to the internet.
As was the case with defenses against SQL injection, our defense against this kind of misconfiguration can be layered. The first layer is to add an item to our provisioning checklist so that every default password is changed before a new service goes live.
Beyond that, we can look into scanning our network for default passwords. This second layer is highly specific to your network. You won’t have time to exhaustively scan everything on your network. You’ll need to use your judgment on where to focus your efforts. You may get a good return on ...
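The two layers above, the provisioning checklist and the inventory-driven prioritization, can be made mechanical. The following is an added example, not code from the original lesson: it takes a constructed inventory (the asset names, vendor names and "factory default" credential pairs are placeholders, not real product defaults), orders it so internet-exposed hosts and network infrastructure come first, and flags any record whose stored credential still matches a known default, is empty, or equals the username. It only inspects provisioning records you already hold; it does not log in to anything.

```python
"""Default-credential hygiene checks driven by a network inventory.

Added example. Inventory entries, vendor names and KNOWN_DEFAULTS are
constructed placeholders; populate KNOWN_DEFAULTS from the vendor
documentation for the equipment you actually own.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str              # e.g. "switch", "router", "web-app", "database"
    vendor: str
    internet_exposed: bool
    username: str
    password: str


# Constructed placeholder list of factory defaults, keyed by vendor.
KNOWN_DEFAULTS = {
    "ExampleNet": {("admin", "EXAMPLE-DEFAULT-1")},
    "AcmeSwitch": {("admin", "EXAMPLE-DEFAULT-2"), ("operator", "")},
}

# Device kinds the lesson singles out as network infrastructure.
NETWORK_INFRA = {"switch", "router", "firewall", "access-point"}


def priority(asset):
    """Sort key: lower sorts first. Internet-exposed assets come before
    internal ones; within each group, network infrastructure comes first."""
    return (
        0 if asset.internet_exposed else 1,
        0 if asset.kind in NETWORK_INFRA else 1,
        asset.name,
    )


def prioritize(inventory):
    """Return the inventory ordered by where to look first."""
    return sorted(inventory, key=priority)


def findings_for(asset):
    """Provisioning-checklist violations for one asset, as a list of strings."""
    problems = []
    if (asset.username, asset.password) in KNOWN_DEFAULTS.get(asset.vendor, set()):
        problems.append("factory default credential still in use")
    if asset.password == "":
        problems.append("empty password")
    elif asset.password.lower() == asset.username.lower():
        problems.append("password equals username")
    return problems


def audit(inventory):
    """Map asset name -> findings, in priority order, for assets with findings."""
    report = {}
    for asset in prioritize(inventory):
        problems = findings_for(asset)
        if problems:
            report[asset.name] = problems
    return report


# Constructed sample inventory (placeholder hosts and credentials).
SAMPLE_INVENTORY = [
    Asset("edge-fw-1", "firewall", "ExampleNet", True, "admin", "EXAMPLE-DEFAULT-1"),
    Asset("core-sw-1", "switch", "AcmeSwitch", False, "operator", ""),
    Asset("intranet-wiki", "web-app", "Other", False, "wiki", "wiki"),
    Asset("crm-db", "database", "Other", True, "dba", "Correct-Horse-9"),
]


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(problems)}")
```

Run it and the report lists the exposed firewall first, then the core switch, then the wiki; `crm-db` produces no findings even though it is internet-exposed, which is the point of separating prioritization (where to look) from the checks themselves (what to look for).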