cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Pen Test Results

SOLVED
Son
Here to help

Pen Test Results

Hi All,

 

We had a pen test on our Meraki networks and they came back with a high risk point being that the login to the Access Point (MR series) are using http and that you can't login to them with an encrypted connection. So I need to know if we can make this an SSL connection or not. I understand what could be done to lower the risk by changing the default password which I believe to be a device serial number.

 

We just need someone professional to say yes or no this is not possible and then either act on the answer if yes or sign the point off if low as accepted risk.

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Pen Test Results

Assuming your talking about the local status page

Go to your general settings

You can edit the login credentials for the local status page

In addition, you can disable the local status page and that way nobody can access it.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
6 REPLIES 6
Highlighted
Kind of a big deal

Re: Pen Test Results

Assuming your talking about the local status page

Go to your general settings

You can edit the login credentials for the local status page

In addition, you can disable the local status page and that way nobody can access it.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Kind of a big deal

Re: Pen Test Results

Also, your access points should be on their own VLAN, not the same one your wireless clients are using. This would also help to isolate risks as well.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Kind of a big deal ww
Kind of a big deal

Re: Pen Test Results

and what happens when someone logs in?

 

you can also remove the ap and connect to the cable...

 

Kind of a big deal

Re: Pen Test Results

I'm with @NolanHerring , just disable the local status page and make the issue go away.

 

https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Using_the_Cisco_M... 

pjc
Building a reputation

Re: Pen Test Results

I find the local status page (my.meraki.com) a handy tool for clients to check what connected AP, signal strength and throughput ('run speed test') if experiencing any issues.

 

If you, like me, find it handy, just make the local admin password something impossibly long and complex, you do this in one place, in the dashboard, Network-Wide>General

Getting noticed

Re: Pen Test Results

I disabled my local status pages.  Because auditors.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.