Web GUIs for management

It seems every device you purchase has a web admin page: the little Linksys router, the NAS storage device, your Linux box, and so on. The trend is for every type of appliance to have this kind of management tool. These tools allow almost anyone to manage these devices. The challenge is that many people take these tools and their accessibility too far: they don’t go the extra step to secure access to these admin tools.

There is a great article on the dangers and on how to search for any of these open admin tools:
http://resources.infosecinstitute.com/dangers-web-management/

The issue is keeping non-approved users from getting to the admin page. Many people just plug these devices in and leave the default settings. It is not hard to figure out the default username / password for these admin tools (just Google “linksys default password”).

I have been at client sites where the business owner wants to have the router accessible remotely so they can do feature x or y. However, they just had the default username / password enabled. In most cases they had no issue in changing these settings or securing the device after I explained the issue. The problem is that they did not know this beforehand or had not worried about it before.
