This is a multipart Blog.
Stuxnet created an uproar a few weeks back for being system specific. For more details on Stuxnet click here
Through this multi-part blog, we offer a different perspective, though at the same time we intend preserving the essence of methodology utilized by Stuxnet or similar worms/Viruses to propagate and infect.
Thumb Rule for “Information”: Information should be available only on need to know basis and strict hierarchy should be followed top ensure smooth flow of information.
During our research, we stumbled upon some though provoking facts.
1: It very easy to procure information pertaining to internet facing devices
2: Default password are just available everywhere
3: There is no requirement for specialized tools or resources or expertise.
The bottom line is – Stitch in time saves nine, an age old saying. In other words, a system-admin or a system deployment expert or the computer-expert-next-door, takes necessary precaution and follows the simple thumb-rule of “Information”, a lot of un-savory events may be averted.
The topics which will be covered in this multi-part blog are:
1: Recon : Searching for devices, the easy way and the hacker way.
2: Defaults : procuring defaults – the donts – ease of procuring default usernames and passwords
3: IDS/IPS are a failure when routers/CPEs (Customer Premise Equipment) are open or protected by default passwords.
4: Social Engineering Attack