Details

Deletes the known default accounts configured

Rationale:

In order to attempt access to known devices’ platforms, attackers use the available database of the known default accounts for each platform or Operating System. The known default accounts are often (without limiting to) the following: ‘root’, ‘asa’, ‘admin’, ‘cisco’, ‘pix’. When the attacker has discovered that a default account is enabled on a system, the work of attempting to access to the device will be half done given that the remaining part will be on guessing the password and risks for devices to be intruded are very high. It is a best practice to use Enterprise customized administrative accounts.

Solution

Step 1: Acquire the Enterprise customized administrative account and password

Step 2: Run the following to create the customized administrative account as well as the required privilege level

hostname(config)#username password privilege

Step 3: Run the following to delete the known default accounts identified during the audit

hostname(config)# no username

Default Value:

The default username used for the first SSH connection or aaa authentication telnet console is asa but for versions from 8.4(2) and above, there is no default username

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3246

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Cisco.

References

• 800-53|IA-5
• CSCv7|4.2

Source

• Tenable.com/audits