As above… Just took on a new client. Nothing exciting: 4 PCs, Yealink desk phones… and a printer.
Upon investigation and reviewing the systems I noticed port 443 was open to the router's login page, and I bitched at the old IT co asking them why it is open. For no other reason than ‘We may need to change some settings’. So it was not open for VPN purposes etc.
Bearing in mind the admin password was a variant of ‘Password’. So not a strong one.
No Geo-IP or 2FA etc.
Router is a Draytek.
I shouted and had a go at the other IT co about this as I thought this was just pure lazy - but they claim they do it a lot and this is how they have all of their clients configured.
Did I just make myself look stupid by having a go at them about how insecure this is/was? Or am I being over the top? What's the worst that can happen, the previous IT co said they would replace the router if it got hacked.
I was not happy with this configuration at all.
Did I just make myself look stupid?