v1.14_Unsafe configuration criteria

Default password

1.3.6.1.4.1.35265.1.60.1.8.3.1.9.1

Checking that "system->encrypted-password" is equal to a default value

Checking the password used to access the system

Shared key is not specified with WIDS enabled

1.3.6.1.4.1.35265.1.60.1.8.3.1.9.14

Checking that "wids-service->network-shared-key" is not empty

WIDS can not be used for detecting access points in a spectrum without the shared key specified. If the key is not specified, the service will not work.

Using a default ipsec password

1.3.6.1.4.1.35265.1.60.1.8.3.1.9.8

Checking that ipsec is enabled, and "ipsec->password" is equal to "password"

Using ipsec tunnel with a default password is considered to be unsafe

Using a default xuser ipsec

1.3.6.1.4.1.35265.1.60.1.8.3.1.9.9

Checking that ipsec is enabled, and "ipsec->xuser" is equal to "user"

Using ipsec tunnel with a default xuser is considered to be unsafe

Using a default xpassword ipsec

1.3.6.1.4.1.35265.1.60.1.8.3.1.9.10

Checking that ipsec is enabled, and "ipsec->xpassword" is equal to "password"

Using ipsec tunnel with a default xpassword is considered to be unsafe

Using unencrypted WGB

1.3.6.1.4.1.35265.1.60.1.8.3.1.9.11

Checking that the "security" parameter is set to "plain-text" for enabled WGB

Using wireless communication without data encryption is unsafe as it may lead to traffic interception or spoofing

Using unencrypted WDS

1.3.6.1.4.1.35265.1.60.1.8.3.1.9.12

Checking that "wds-security-policy" parameter is not equal to "wpa-personal" for enabled WDS

Using wireless communication without data encryption is unsafe as it may lead to traffic interception or spoofing

Using open VAP interface without authorization

1.3.6.1.4.1.35265.1.60.1.8.3.1.9.13

Checking that both wpa-personal/enterprise authorization and portal authorization are not configured for VAP interface

Using open networks without portal authorization contravenes the laws of the Russian Federation as it makes it impossible to identify a user.