Wednesday, August 22, 2012

Network Security Horror Stories: Change Control

When you’re in IT Security for as long as I have been you’ll most likely have quite a few horror stories regarding firewall change management and some shockingly dumb moves. Here are three isolated issues that I’ve seen in my more than 10 years in the business (and am allowed to discuss externally): 

Server Hosting Foreign Movies

Working one night in an operation center I noticed a large spike in traffic to a particular IP address. After drilling down into the traffic pattern I noticed that it was FTP related. Knowing that this particular server wasn’t hosting an FTP site I became very suspicious. Shortly afterward during troubleshooting I noticed an even larger spike in traffic, this time egressing our network. At this point I became very suspicious as to what was going on and discovered that FTP was anonymously enabled on this server and was now hosting that year’s blockbuster movie.  Turns out that our client had enabled FTP for this server to receive a download and left the permissions wide open on their network. The service was stopped and the server needed to be cleaned after being compromised.

This particular issue could have been eliminated if proper change management would have been followed. While change management won’t catch everything having the approval of other engineers and management can help eliminate simple oversights like opening anonymous FTP to the world.

Read the rest of the article at the Algosec.com blog: http://blog.algosec.com/2012/08/network-security-horror-stories-change-control.html

No comments:

Post a Comment