Your Decommissioned Routers Could Be A Security Disaster
Networlworld, Wednesday, April 26,2023
Retired enterprise routers-and the sensitive data that's still on them-are showing up on the used-equipment market where attackers could mine them for vulnerabilities to exploit.
Here's bad news: It's easy to buy used enterprise routers that haven't been decommissioned properly and that still contain data about the organizations they were once connected to, including IPsec credentials, application lists, and cryptographic keys.
'This leaves critical and sensitive configuration data from the original owner or operator accessible to the purchaser and open to abuse,' according to a white paper by Cameron Camp, security researcher, and Tony Anscombe, chief security evangelist, for security firm Eset (See: Discarded, not destroyed: Old routers reveal corporate secrets).