The organization must modify
all default access credentials of embedded systems.
Organizations usually keep default configurations
of third-party products
since these may adapt to most environments where they are installed
and facilitate the deployment to production.
However, this practice may leave a default open gate for products
and, in most cases, credentials found in provider documentation,
which can be found easily on the Internet.
For this reason it is important to check all configurations
before deployment and remove all default credentials.
Remove all default credentials.
Implement a mechanism to ensure only users
with administrator privileges can access
Create a robust credential policy
to improve the security of all credentials in the organization.
The passwords must be changed every so often
in case they are compromised.
Perform audits periodically
to detect improper configurations or missing patches.