Ensure known default accounts do not exist


Deletes the known default accounts that are configured.


To gain access to known device platforms, attackers draw on readily available databases of the known default accounts for each platform or operating system. The known default accounts often include, but are not limited to, the following: 'root', 'asa', 'admin', 'cisco', 'pix'. Once an attacker discovers that a default account is enabled on a system, half the work of accessing the device is done: only the password remains to be guessed, so the risk of the device being compromised is very high. It is a best practice to use Enterprise customized administrative accounts.


* Step 1: Acquire the Enterprise customized administrative account <customized_admin_account> and password <admin_password>
* Step 2: Run the following to create the customized administrative account with the required privilege level <privilege_level>

hostname(config)# username <customized_admin_account> password <admin_password> privilege <privilege_level>

* Step 3: Run the following to delete the known default accounts identified during the audit

hostname(config)# no username <known_default_account>
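The audit behind Step 3 can be scripted offline against a saved copy of the configuration. The following is an added example, not part of this audit item or the benchmark: the function names, the constructed sample configuration, the case-insensitive name match and the assumption that the customized administrative account uses privilege level 15 are all illustrative choices.

```python
import re

# Default account names listed in the rationale above (the page notes the list is not exhaustive).
KNOWN_DEFAULT_ACCOUNTS = {"root", "asa", "admin", "cisco", "pix"}

# Matches local-user lines such as "username admin password <hash> pbkdf2 privilege 15"
# and "username admin attributes"; "no username ..." lines do not match.
USERNAME_RE = re.compile(r"^\s*username\s+(\S+)(?:\s+(.*))?$")
PRIVILEGE_RE = re.compile(r"\bprivilege\s+(\d+)\b")

# Constructed sample configuration (hostname, account names and hashes are placeholders).
SAMPLE_CONFIG = """\
hostname fw-example
username admin password EXAMPLEHASH1 pbkdf2 privilege 15
username netops_jdoe password EXAMPLEHASH2 pbkdf2 privilege 15
username netops_jdoe attributes
 service-type admin
username cisco password EXAMPLEHASH3 encrypted
"""


def parse_local_users(config_text):
    """Return {username: explicit privilege level or None} for each local account."""
    users = {}
    for line in config_text.splitlines():
        m = USERNAME_RE.match(line)
        if not m:
            continue
        name, rest = m.group(1), m.group(2) or ""
        users.setdefault(name, None)  # an "attributes" line must not reset the level
        priv = PRIVILEGE_RE.search(rest)
        if priv:
            users[name] = int(priv.group(1))
    return users


def audit_default_accounts(config_text, defaults=KNOWN_DEFAULT_ACCOUNTS, admin_level=15):
    """Return (findings, remediation commands) for known default accounts in the config."""
    users = parse_local_users(config_text)
    findings = sorted(n for n in users if n.lower() in defaults)
    # Emit Step 3 commands only if Step 2 is done: a non-default account at admin_level
    # (assumed to be 15 here) must exist, or deleting the defaults removes all admin access.
    has_custom_admin = any(p == admin_level for n, p in users.items() if n.lower() not in defaults)
    remediation = [f"no username {n}" for n in findings] if has_custom_admin else []
    return findings, remediation


if __name__ == "__main__":
    found, commands = audit_default_accounts(SAMPLE_CONFIG)
    print("default accounts present:", found)
    print("\n".join(commands))
```

An empty remediation list alongside non-empty findings means the customized account from Step 2 is missing, so the deletions should wait.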

Item Details


References: 800-53|IA-5, CSCv7|4.2

Plugin: Cisco

Control ID: 35f508ca5969bc77ef8f8a9d2ff79b1939dcf6d00e1f3bed3d235c30196e2473