When you’ve been in IT Security for as long as I have, you’ll most
likely have quite a few horror stories regarding firewall change
management and some shockingly dumb moves. Here are three isolated
issues that I’ve seen in my more than 10 years in the business (and am
allowed to discuss externally):
Server Hosting Foreign Movies
Working one night in an operation center, I noticed a large spike in traffic to a particular IP address. After drilling down into the traffic pattern, I noticed that it was FTP related. Knowing that this particular server wasn’t hosting an FTP site, I became very suspicious. Shortly afterward, during troubleshooting, I noticed an even larger spike in traffic, this time egressing our network. At this point I became very suspicious as to what was going on and discovered that FTP was anonymously enabled on this server and was now hosting that year’s blockbuster movie. Turns out that our client had enabled FTP for this server to receive a download and left the permissions wide open on their network. The service was stopped and the server needed to be cleaned after being compromised.
This particular issue could have been eliminated if proper change management had been followed. While change management won’t catch everything, having the approval of other engineers and management can help eliminate simple oversights like opening anonymous FTP to the world.
Read the rest of the article at the Algosec.com blog: http://blog.algosec.com/2012/08/network-security-horror-stories-change-control.html