20+ years ago I managed the installation of a high performance compute cluster purchased from IBM. Their techs did all the initial installation and setup, right down to using their well known default password of “PASSW0RD” (with a zero for the ‘o’) for all root/admin accounts…. It took less than 20 minutes for it to be compromised by an IP address in China.
At least other vendors like HP use random root/admin passwords printed on cards physically attached to new equipment…
When I used to rack and stack servers, many moons ago, we would always connect them to a switch with LAN only so we could use SSH/SCP to harden them before they got exposed. This was for .gov stuff that would get attacked instantly.
Worked at a sloppy startup MSP. A few years after I left a former coworker told me they discovered (after they finally got an EDR) that all the pre-deploy boxes on the sandboxed LAN waiting to be moved to the datacenter were being compromised after the kickstarts finished. The deployment box had been owned since they didn’t deploy it in the sandbox, which didn’t exist at the time. Whoever did it kept from being detected for years. Then I guess they got bored and used the whole DC to DOS someone. He thinks they noticed the EDR and the gig was up. Good times.
20+ years ago I managed the installation of a high performance compute cluster purchased from IBM. Their techs did all the initial installation and setup, right down to using their well known default password of “PASSW0RD” (with a zero for the ‘o’) for all root/admin accounts…. It took less than 20 minutes for it to be compromised by an IP address in China.
At least other vendors like HP use random root/admin passwords printed on cards physically attached to new equipment…
When I used to rack and stack servers, many moons ago, we would always connect them to a switch with LAN only so we could use SSH/SCP to harden them before they got exposed. This was for .gov stuff that would get attacked instantly.
Worked at a sloppy startup MSP. A few years after I left a former coworker told me they discovered (after they finally got an EDR) that all the pre-deploy boxes on the sandboxed LAN waiting to be moved to the datacenter were being compromised after the kickstarts finished. The deployment box had been owned since they didn’t deploy it in the sandbox, which didn’t exist at the time. Whoever did it kept from being detected for years. Then I guess they got bored and used the whole DC to DOS someone. He thinks they noticed the EDR and the gig was up. Good times.