Security vendor nCircle used brief surveys conducted during webinars to highlight the state of network configurations that utilize insecure protocols and settings. Based on the data, the saying “easier said than done” has certainly become a reality.
Accordingly, 38 percent of the respondents to nCircle’s questioning said that they were required to run Telnet. This is just one example of poor communication implementation, which thanks to legacy systems within enterprises and SMBs, brings significant risks that are nearly impossible to get rid of.
In addition, the study revealed that 58 percent of respondents were either unaware if their organization used SSHv1 (a less secure version of SSH) or if they were required to use it. This is in addition to those who said they didn’t know if SNMP default community strings were being used, or if they were required to use them. Also, 67 percent said the same thing about TLS ciphers.
“The only plausible reason to run Telnet is because a business partner requires it,” said Andrew Storms, director of IT and security operations for nCircle. “In that case, IT professionals need to push aggressively to find another partner. There’s just no way to make Telnet secure.”
“It’s also discouraging to see so many small businesses that aren’t sure if they have insecure settings on their networks, since we know hackers are targeting these businesses aggressively,” Storms added.
Snapshots from the survey are available here.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023 | Regulations
