2 – Do Not Use Default Security Parameters
In the Reports Portal, select > > > Reports or Dashboards > .
PCI Requirement 2 addresses the use of vendor-supplied default settings, such as passwords and account names. These are known values and can be exploited by malicious users. While devices and firewalls installed by IT administrators might have strong security processes, users who install software and add devices might not follow good security practices.
Use the following dashboards and reports to check for default security parameters in your environment.
| Dashboards | Reports |
|---|---|
Reports default vendor accounts by username. The table provides results by the IP address and name of the device’s address, the vendor’s name, the account name, and quantity.
Default Vendor Accounts Overview
Provides, in several charts, an overview of default vendor accounts. You can view the accounts associated with the most events, account activity over time, the IP addresses associated with the accounts, and the most active vendors.
Provides, in charts and a table, insecure events by port number and IP address, activities by day, and the products that report insecure services in other systems.
Reports insecure events by port number. The table provides results by the target port, target process, target and source IP addresses, the target host name, the product that reported the insecure service, and the number of events.
Reports systems with the most misconfiguration events reported in your environment. In general, the most common vulnerability in your environment is misconfigured operating systems, frameworks, libraries, and applications. Misconfigurations include missing security patches or updates, incomplete or ad hoc configurations, use of insecure default configurations, poorly configured HTTP headers, and error messages that contain sensitive information. The table provides results by IP address and name of the misconfigured system, the name of the event, and the number of events.
Multiple Functions Implemented on a Server
Reports the servers that have multiple functions installed on them. For example, a server might have functions such as DNS, a Web server, and a database.
Reports the software found by IP address and host name.
Unencrypted Administrative Accesses
Reports the accounts that have had unencrypted administrative access events. The table provides results by the IP address and name of the host, the affected account, the port used, the affected process, and the number of events.