Just wondering if EE have applied the recommendations from the NCSC dated 16 April 2018, to avoid the potential vulnerability exploits of the routers by Russian state actors?
ISPs
• Do not field equipment in the network core or to customer premises with
legacy, unencrypted, or unauthenticated protocols and services. When
purchasing equipment from vendors, include this requirement in purchase
agreements.
• Disable legacy, unencrypted, or unauthenticated protocols and services. Use
modern encrypted management protocols such as SSH. Harden the
encrypted protocols based on current best security practices from the vendor.
• Initiate a plan to upgrade fielded equipment no longer supported by the
vendor with software updates and security patches. The best practice is to
field only supported equipment and replace legacy equipment prior to it falling
into an unsupported state.
• Apply software updates and security patches to fielded equipment. When that
is not possible, notify customers about software updates and security patches
and provide timely instructions on how to apply them.
https://www.ncsc.gov.uk/news/russian-state-sponsored-cyber-actors-targeting-network-infrastructure-d...
