When you purchase a new firewall (or any network device in general) such as a Cisco
PIX, a Linksys, a NetScreen, or a SonicWall, out of the box the device has some default
passwords set (and in some cases there is no default password). This is because the
manufacturer must allow for initial access to the device for the end user to configure it.
Most recent documentation for any device admonishes the end user to immediately
change the default password to something else. Table 11-1 shows common default
passwords for some firewalls.
Table 11-1. Default Passwords

Manufacturer  Product   Default Administrative Account  Default Password
Cisco         PIX       None                            None
Linksys       BEFSX41   None                            admin
NetScreen     (All)     netscreen                       netscreen
Netgear       FR314     admin                           password

You can find a detailed default password list at either the F/X site
(http://www.phenoelit.de/dpl/dpl.html) or at the Nikto site
(http://www.cirt.net/cgi-bin/passwd.pl). It is precisely because sites such as these keep lists of default passwords
that these passwords are considered detrimental. In some cases, vendors have gotten the
hint that although they need to have default passwords for the initial setup, the initial
setup should also require the administrator to change the password from the default value.
This has been done on some Cisco devices, such as their IDS platform, and is finding
more and more acceptance among other vendors.