Security Experts:

Survey Highlights Alarming Trends in Insecure Network Configurations

Security vendor nCircle used brief surveys conducted during webinars to highlight the state of network configurations that utilize insecure protocols and settings. Based on the data, the saying "easier said than done" has certainly become a reality.

Accordingly, 38 percent of the respondents to nCircle’s questioning said that they were required to run Telnet. This is just one example of poor communication implementation, which thanks to legacy systems within enterprises and SMBs, brings significant risks that are nearly impossible to get rid of.

In addition, the study revealed that 58 percent of respondents were either unaware if their organization used SSHv1 (a less secure version of SSH) or if they were required to use it. This is in addition to those who said they didn’t know if SNMP default community strings were being used, or if they were required to use them. Also, 67 percent said the same thing about TLS ciphers.

“The only plausible reason to run Telnet is because a business partner requires it," said Andrew Storms, director of IT and security operations for nCircle. "In that case, IT professionals need to push aggressively to find another partner. There’s just no way to make Telnet secure.” 

“It’s also discouraging to see so many small businesses that aren’t sure if they have insecure settings on their networks, since we know hackers are targeting these businesses aggressively,” Storms added.

Snapshots from the survey are available here.  

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.