Firewall Configuration files - out in the open
I would like to know what other fellow admins and security enthusiasts think about how good Firewall configuration files should be protected?
Let's say there are floating around 300 of them around, containing information like S/N, used ip address spaces (public and private), VPN information, E-Mail addresses for users who are using OTP. I can't say how good the password hashing/encryption in there is.
Should this be a security concern or can it be ignored? Should the vendor react and contact the managing partner when provided with a list of affected Appliances?
Asking for a friend.