Mon, Oct 26 2009 20:45
The ghost of Karl is haunting me tonight
First off I'd like to say that Karl Palachuk really screwed up this time. Calling his company "Great Little Book" when his latest is great, but it sure isn't little, is not truth in advertising. At a whopping 590 pages, that is not a little book by any means. http://greatlittlebook.com/ Great, yes; little, no way.
I'm in the pre-planning mode for the migration... or rather I should say the "Ghost of Karl Palachuk" is hanging around me in my server room tonight telling me to "Document! Document! Document!" as I'm setting up a new firewall, writing down (YES, WRITING DOWN) the passwords and making sure that they aren't variations of the SAME password over and over again. For a temporary dry-run test setup, I have the server and the new Calyptix firewall hanging off the second of two DSL connections. (Long story as to why we have two: the old one was under the original firm name, and when we went to change the name they said "Oh no, we have to set up a new account." I tested the DSL line when it first came in and it was SLOWER than our old line, so I've kept the old line all this time while waiting for about 6 months for the speed to bump up to the promised speed.) It's now coming in handy as a second line to stage some of this stuff without interacting with and interfering with my real server just yet.
But I realized that on this Netopia DSL router model I had never bothered to change the default password from the serial-number default it shipped with. Way to go, Susan, on that one. Might as well stick a "Hack me" sign on my router. So I've changed that from the default it once was.
In addition I want to ensure that I have a "bus book"... you know, ensuring that someone will have the documentation of the network should I get hit by a bus. Too many times in small firms we do not take the time to document what we should.
Quick, where are the passwords for the routers that you have, that you manage? Do you use the same variation of a password over and over again? If someone guessed just ONE of your passwords, could they guess the others? See how important it is to understand the human nature of password choosing, the habit of just reusing variations of one password, and to do something better than that? Right now this box is bog standard, and not in what I'd consider fighting condition for production.
Right now I have full RDP open to anyone, not limited to a restricted per-IP range. Port 25 is also not limited. AuthAnvil is not loaded up for the two-factor authentication I need. All of these screws to tighten up for my firm I'll add, I'll document, and I'll ensure they aren't the defaults.
Filed under: News