1.4.1.3 Ensure known default accounts do not exist

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

Delete the known default accounts configured on the device.

Rationale:

Attackers attempting to access known device platforms draw on publicly available databases of the default accounts for each platform or operating system. The known default accounts are often (but not limited to) the following: 'root', 'asa', 'admin', 'cisco', 'pix'. Once an attacker has discovered that a default account is enabled on a system, half the work of gaining access is already done: only the password remains to be guessed, and the risk that the device will be intruded is very high. It is a best practice to use Enterprise customized administrative accounts.

Solution

* Step 1: Acquire the Enterprise customized administrative account <customized_admin_account> and password <admin_password>
* Step 2: Run the following to create the customized administrative account as well as the required privilege level <privilege_level>

hostname(config)# username <customized_admin_account> password <admin_password> privilege <privilege_level>

* Step 3: Run the following to delete the known default accounts identified during the audit

hostname(config)# no username <known_default_account>
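The audit and remediation steps above can be checked offline against a saved running-config. The following Python script is an added example, not part of the CIS benchmark: it parses `username` lines, reports the known default accounts named in the rationale, and only emits the `no username` commands when a non-default administrative account already exists, so Step 3 is never applied before Step 2. The `username ... password ... [encrypted] [privilege N]` line format and ASA's default privilege level of 2 are assumptions, and the sample configuration is constructed.

```python
import re

# Default account names listed in the benchmark rationale (non-exhaustive).
KNOWN_DEFAULT_ACCOUNTS = {"root", "asa", "admin", "cisco", "pix"}

# Assumed ASA line format: "username <name> password <pw> [encrypted] [privilege <n>]".
USERNAME_RE = re.compile(
    r"^username\s+(?P<name>\S+)\s+password\s+\S+(?:\s+encrypted)?"
    r"(?:\s+privilege\s+(?P<priv>\d+))?",
    re.IGNORECASE,
)


def parse_usernames(running_config):
    """Return {username: privilege}; a missing privilege is assumed to be ASA's default of 2."""
    accounts = {}
    for line in running_config.splitlines():
        m = USERNAME_RE.match(line.strip())
        if m:
            priv = int(m.group("priv")) if m.group("priv") else 2
            accounts[m.group("name").lower()] = priv
    return accounts


def audit_default_accounts(running_config, min_admin_privilege=15):
    """Return (default accounts found, 'no username' commands to remove them).

    Remediation is emitted only when a non-default administrative account
    already exists (Step 2), so applying it cannot lock every admin out.
    """
    accounts = parse_usernames(running_config)
    findings = sorted(n for n in accounts if n in KNOWN_DEFAULT_ACCOUNTS)
    replacement_admin_exists = any(
        n not in KNOWN_DEFAULT_ACCOUNTS and p >= min_admin_privilege
        for n, p in accounts.items()
    )
    if findings and not replacement_admin_exists:
        return findings, []
    return findings, [f"no username {n}" for n in findings]


# Constructed sample running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
hostname fw01
username cisco password ****** encrypted
username admin password ****** encrypted privilege 15
username ops_admin_01 password ****** encrypted privilege 15
"""
```

Running `audit_default_accounts(SAMPLE_CONFIG)` reports `admin` and `cisco` and, because `ops_admin_01` holds privilege 15, returns the two `no username` commands to apply.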

See Also

https://workbench.cisecurity.org/files/1903