Announcement

Collapse
No announcement yet.

Leaving the cisco username blank

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Leaving the cisco username blank

    Looking for opinions.

    While performing an I audit for a company we discovered that the client has left their user name blank, they do have a very strong password set.

    Their reasoning for this is that most hacking programs don't attempt a blank user name and therefor they won't ever get the user name correct.

    I am unsure on this and would like input from people with more experience.

    The device in question is an Cisco 5505 ASA security appliance.
    Stacey Smith
    Sr. Systems Engineer

    The rule is perfect: in all matters of opinion our adversaries are insane --Samuel Clemens

  • #2
    Re: Leaving the cisco username blank

    From memory the PIX had a blank username for login as well (others could be configured). It may be there by default.
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: Leaving the cisco username blank

      yes,
      I believe most cisco devices allow the user name to be blank..
      I am still a believer in a strong user name for edge device 10+ characters including Specials and upper and lower case.

      This was my recommendation to them, but I have no hard facts to say that their position is incorrect.

      Of course we only do the audits and make recommendations, the decision to change is theirs in the end. This question is more for my personal edification
      Stacey Smith
      Sr. Systems Engineer

      The rule is perfect: in all matters of opinion our adversaries are insane --Samuel Clemens

      Comment


      • #4
        Re: Leaving the cisco username blank

        Probably more worthwhile if the username field is hidden too? I do agree but the whole security by obscurity response they gave for their reasoning is "xxxxxxx" in my opinion.
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment

        Working...
        X