Ensure known default accounts do not exist

Information

Delete the known default accounts that are configured.

Rationale:

To gain access to known device platforms, attackers use available databases of the known default accounts for each platform or operating system. Known default accounts often include, but are not limited to, the following: 'root', 'asa', 'admin', 'cisco', 'pix'. Once an attacker has discovered that a default account is enabled on a system, half the work of accessing the device is done: only the password remains to be guessed, so the risk of the device being compromised is very high. It is a best practice to use Enterprise customized administrative accounts.

Solution

* Step 1: Acquire the Enterprise customized administrative account <customized_admin_account> and password <admin_password>
* Step 2: Run the following to create the customized administrative account with the required privilege <privilege_>

>configure user add <customized_admin_account> password <admin_password> privilege <privilege_>

* Step 3: Run the following to delete the known default accounts identified during the audit

>configure user delete username
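An added example, not part of the original audit item or of any Cisco tooling: a Python check that looks for the known default accounts named in the rationale in a user listing, and produces the Step 3 delete commands only when a customized administrative account from Step 2 already exists. The listing text, its column layout (login first, access level fourth, status fifth) and the `Config` access value are constructed assumptions.

```python
# Known default account names listed in the rationale above.
KNOWN_DEFAULTS = {"root", "asa", "admin", "cisco", "pix"}

# Constructed sample of a user listing. The column layout and the "Config"
# access value are assumptions; adjust them to what your device prints.
SAMPLE_LISTING = """\
Login       UID   Auth   Access  Enabled
admin       100   Local  Config  Enabled
Cisco       1001  Local  Basic   Disabled
netops-adm  1002  Local  Config  Enabled
"""

def parse_users(listing):
    """Return (login, access, enabled) tuples, skipping header and short lines."""
    users = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].lower() == "login":
            continue
        users.append((fields[0], fields[3].lower(), fields[4].lower() == "enabled"))
    return users

def audit(listing):
    """Return (default accounts found, delete commands, warning or None)."""
    users = parse_users(listing)
    # Match case-insensitively and include disabled accounts: they still exist.
    found = [u for u, _, _ in users if u.lower() in KNOWN_DEFAULTS]
    # Step 2 must precede Step 3: require an enabled, non-default account with
    # config access, otherwise deleting the defaults would lock admins out.
    has_custom_admin = any(
        u.lower() not in KNOWN_DEFAULTS and access == "config" and enabled
        for u, access, enabled in users
    )
    if found and not has_custom_admin:
        return found, [], "no customized administrative account; complete Step 2 first"
    return found, [f"configure user delete {u}" for u in found], None

if __name__ == "__main__":
    found, commands, warning = audit(SAMPLE_LISTING)
    print("default accounts found:", found)
    print(warning or "\n".join(commands))
```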

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5

Plugin: Cisco

Control ID: 9f17b2319b9a776dcb929dfbcf488ba8efe7a37fc31573b6bd8eeeb85923370a