Many network devices have default settings that emphasize performance or ease of installation without regard for security issues. Installation without adequate attention to correcting these settings could create serious potential problems. Some common configuration issues include the following:

• Ineffective access control lists failing to block intended traffic

• Default, missing, or old passwords

• Unneeded ports or services left active

• User IDs and passwords exchanged in clear text

• Weak or unprotected remote access through the Internet or dial-up services

Monitoring vendor announcements and advisories, combined with industry news services, can identify the most common, best-known vulnerabilities and often include the appropriate mitigation solution.