
Security And Not-so-techie Clients


So I just finished my first big(er) project as an independent contractor, with a medium-size apartment building. Working with existing cabling and wireless access points (read: consumer wireless routers), I replaced their aging Juniper firewall in the basement with a new firewall appliance (read: PC running m0n0wall).

Now my question is this: how do I explain in a diplomatic and professional manner that they should at least change the default passwords on all their equipment, if not start using much more secure passwords everywhere? I put a semi-strong password on the m0n0wall, but all the access points are admin:admin, their surveillance DVR uses admin:admin, even the wireless router in the sports bar on the first floor uses admin:password. If I can convince them it's a good idea to use better passwords, I would then write up some documentation for the network and write down the passwords so they won't have to remember them but would keep them in a safe place.

I'm looking for personal stories, and professional opinions. Thanks in advance.


Just be open and professional with them, explain the differences between a weak password and a strong password. Tell them the mistakes a lot of people make when setting up their systems and how easy it can be for an outsider/intruder to gain access to their system.

You can then go about explaining how dictionary attacks work and why in certain cases they are so effective. And that is very simple: people always tend to fall into the habit of using the same password, or passwords that are easy to remember, like password or 1234 or redroses1.

Moreover, if they can choose a password that is not in the dictionary, or perhaps combine two words with special characters, they will not only be making it difficult for an attacker to guess, but it will make their system less vulnerable to dictionary attacks.

Edited by Infiltrator
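An added example, not part of any post in this thread: an offline audit of a written-down device inventory, the kind of finding list that could go into the network documentation handed to the client. The device list mirrors the thread, but the firewall password, the "office PC" entry, and the tiny word lists are constructed for illustration.

```python
import re
from collections import Counter

# Constructed inventory modelled on the devices named in the thread; the
# firewall password and the "office PC" entry are made up for illustration.
INVENTORY = [
    ("m0n0wall firewall", "admin", "T7#plum-Rivet!42"),
    ("access point 1", "admin", "admin"),
    ("access point 2", "admin", "admin"),
    ("surveillance DVR", "admin", "admin"),
    ("sports bar router", "admin", "password"),
    ("office PC", "manager", "redroses1"),
]
DEFAULT_PAIRS = {("admin", "admin"), ("admin", "password")}  # pairs from the thread
COMMON = {"password", "1234", "admin"}           # tiny sample list
WORDS = {"admin", "password", "red", "roses"}    # tiny sample dictionary


def segmentable(s, words=WORDS):
    """True if s splits entirely into dictionary words (word-break DP)."""
    ok = [True] + [False] * len(s)
    for i in range(1, len(s) + 1):
        ok[i] = any(ok[j] and s[j:i] in words for j in range(i))
    return ok[-1]


def is_dictionary_based(pw):
    """Dictionary word(s) with an optional trailing run of digits/symbols."""
    core = re.sub(r"[\W\d_]+$", "", pw.lower())
    return core.isalpha() and segmentable(core)


def audit(inventory):
    """Map each device to the list of credential problems found."""
    reuse = Counter(pw for _, _, pw in inventory)
    report = {}
    for device, user, pw in inventory:
        issues = []
        if (user, pw) in DEFAULT_PAIRS:
            issues.append("default login pair")
        if pw.lower() in COMMON:
            issues.append("common password")
        if is_dictionary_based(pw):
            issues.append("dictionary-based")
        if reuse[pw] > 1:
            issues.append(f"shared by {reuse[pw]} devices")
        report[device] = issues
    return report


if __name__ == "__main__":
    for device, issues in audit(INVENTORY).items():
        print(f"{device:20} {', '.join(issues) or 'ok'}")
```

In practice the word lists would be replaced with a real dictionary and a published common-password list; the per-device findings are what make the conversation with the client concrete.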

Depending on your client's level of understanding or point of view, you may also want to relate this to how they use the network. For example, if they are using it for back-office work and the only place they keep files is on a server, it would be very feasible for an intruder to get into the network to change records such as who has paid rent for the month, etc. I find that when explaining to the client, showing them how it can affect their business, but most importantly income, they usually are very receptive to the solution.
