A technician is deploying a new fleet of smart thermostats throughout a corporate office. These IoT devices will connect to a dedicated wireless network. Which of the following is the MOST critical first step the technician should take to secure these devices during installation?
Configure MAC address filtering on the wireless access point.
Change the default administrative passwords on all thermostats.
Update the firmware on each thermostat to the latest version.
Place the wireless network for the thermostats on a segmented VLAN.
The most critical initial step when deploying any new device, especially IoT devices, is to change the default username and password. Default credentials are often publicly known and are a primary target for automated attacks. While updating firmware, segmenting the network, and using MAC filtering are all important hardening techniques, none are as fundamental as removing the well-known default password which presents an immediate and easily exploitable vulnerability. Unchanged default credentials were a key factor in large-scale IoT botnets like Mirai.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are default passwords considered a security risk for IoT devices?
Open an interactive chat with Bash
What are some best practices for creating strong passwords for IoT devices?
Open an interactive chat with Bash
What steps can I take to secure my IoT devices aside from changing passwords?