Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9187
Views
7
Helpful
6
Replies

Pen Test Results

Go to solution
sonny.herriott
Community Member

‎10-24-2019 07:51 AM

Hi All,

We had a pen test on our Meraki networks and they came back with a high risk point being that the login to the Access Point (MR series) are using http and that you can't login to them with an encrypted connection. So I need to know if we can make this an SSL connection or not. I understand what could be done to lower the risk by changing the default password which I believe to be a device serial number.

We just need someone professional to say yes or no this is not possible and then either act on the answer if yes or sign the point off if low as accepted risk.

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nolan H.
Level 11
Level 11

‎10-24-2019 07:52 AM

Assuming your talking about the local status page

Go to your general settings

You can edit the login credentials for the local status page

In addition, you can disable the local status page and that way nobody can access it.

View solution in original post

6 Replies 6

Go to solution
Nolan H.
Level 11
Level 11

‎10-24-2019 07:52 AM

Assuming your talking about the local status page

Go to your general settings

You can edit the login credentials for the local status page

In addition, you can disable the local status page and that way nobody can access it.

Go to solution
Nolan H.
Level 11
Level 11
In response to Nolan H.

‎10-24-2019 07:54 AM

Also, your access points should be on their own VLAN, not the same one your wireless clients are using. This would also help to isolate risks as well.

Go to solution
ww^
Meraki Community All-Star
Meraki Community All-Star
In response to Nolan H.

‎10-24-2019 09:55 AM

and what happens when someone logs in?

you can also remove the ap and connect to the cable...

0 Helpful

Go to solution
pjc
Level 4
Level 4
In response to Philip D'Ath

‎10-25-2019 06:04 AM

I find the local status page (my.meraki.com) a handy tool for clients to check what connected AP, signal strength and throughput ('run speed test') if experiencing any issues.

If you, like me, find it handy, just make the local admin password something impossibly long and complex, you do this in one place, in the dashboard, Network-Wide>General

Go to solution
Brons2
Level 2
Level 2

‎10-25-2019 02:05 PM

I disabled my local status pages. Because auditors.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card