Sunday, September 19, 2004
What to do with new hardware/software when you get it home
You've just unpacked or downloaded a shiny new widget. It promises to give you an "out of box experience", which means you can just plug it in and start using it.
These days, it probably has a computer inside and probably connects to a network. Security will be an issue. If it's like most widgets it comes out of the box with bad security settings.
Here are some things you should do soon, if not right away:
- Change the password
  If it uses a password to protect it from unwanted changes, pick a new one. If you won't be using the password often enough to remember it, consider writing the new password down in a safe place where nobody will ever look, like the instruction manual.
- Check for updates
  Go to the vendor's web site. Look for a section with a name like "downloads", "updates", "support" or "firmware". There may have been security fixes in between when the widget was made and when you got it.
- Browse through the configuration
  If it's software, there's probably an item called Preferences under the Edit menu. If it's hardware, there's probably a way to bring up a Web page from the device that lets you change settings. Look at all of them and ignore the ones you don't understand. When you understand a setting and it's stupid, change it. Make a note of the change so you can change it back when you talk to tech support: they'll want to troubleshoot starting with the standard configuration.
Why this matters
Let's look at a typical example: wireless access points. They're great -- plug them in and they Just Work. Unfortunately most of them come out of the box set to shout "I am here! Connect to me!" to every wireless card within range. All the access points from one manufacturer will have the same password to start with. You'd better believe bad guys know all those passwords. (Nothing new there. One locksmith got a reputation as a genius safecracker just by memorizing the factory-set combinations for several models. Nobody ever changed the combination.) You'll be wide open to hostile users.
But if you change the password and turn on the security features you'll be much safer.