July 24, 2014
Passwords for EdgeMarc's Gateways and Session Border Controllers At Risk
By
Matt Paulson
TMCnet Contributing Writer
If your business uses EdgeMarc products, including Session Border Controllers and Gateways, then it's probably time to change your password as soon as possible. According to Bandwidth (News - Alert) and others within the Voice over IP (VoIP) industry, the default usernames and passwords for EdgeMarc devices are likely to have been compromised.
Using the default username and password on any device is already asking for trouble, but many businesses and even IT professionals never bother changing them on Gateways and Session Border Controllers since they don't think that hackers would ever bother to target these systems. The device does not necessarily prompt the user to change these credentials either, which makes this blind spot easy to overlook. As long as your company no longer uses the default log-in credentials, your business is most likely to be safe from this potential threat. Even if the password change happened months ago, the architecture of the devices is not under threat, but those who still use the default usernames and passwords are urged to immediately change them.
Want to find out if your device has been compromised? The first step is to take a look at the IP addresses that have been connecting to it. If any of them are foreign to the company or otherwise unusual, then someone else is worming their way into your IP system. In addition to changing the log-in credentials, you would also do best to remove these IP addresses manually, so that they can no longer connect to the network or try to discover the new usernames and passwords while still connected to the system.
Disabling point-to-point protocol (PPTP) functionality is also an important step, as it will ensure that only trusted and recognized IP addresses will be able to connect in the future. While this does add an extra step when connecting a new computer to the network by manually entering the IP and approving it, this is a far better solution than simply leaving the door wide open.
Edited by Maurice Nagle