Pages

Tuesday, February 9, 2016

The dangers of decomissioning systems/apps without a process

Making changes to your network can always bring insecurity. Most of the time we're concerned about putting new things onto the network (what vulnerabilities will this bring, how will this effect other systems, will it be patched, etc), but it's sometimes rare that we think of this in reverse. Many times what we don't think about are the risks induced when removing a system, or application, in our environment. We're all gung-ho about making sure there aren't issues when putting in a device, but we should also be concerned about the holes created when a systems is removed from the network. 

If we're not following proper procedure to remove access for the newly decommissioned systems, we're opening up ourselves to  risks which could have been easily mitigated. The misconfigurations and privilege inheritance of old systems, that will be adopted by new systems in the future, create a substantial risk to your environment.

In this article I explain in more detail the dangers of decommissioning without a process: http://blog.algosec.com/2016/02/dont-sidestep-security-when-decommissioning-your-applications.html

1 comment:

  1. IEEE Final Year projects Project Centers in Chennai are consistently sought after. Final Year Students Projects take a shot at them to improve their aptitudes, while specialists like the enjoyment in interfering with innovation. For experts, it's an alternate ball game through and through. Smaller than expected IEEE Final Year project centers ground for all fragments of CSE & IT engineers hoping to assemble. Final Year Projects for CSE It gives you tips and rules that is progressively critical to consider while choosing any final year project point.

    Spring Framework has already made serious inroads as an integrated technology stack for building user-facing applications. Spring Framework Corporate TRaining the authors explore the idea of using Java in Big Data platforms.
    Specifically, Spring Framework provides various tasks are geared around preparing data for further analysis and visualization. Spring Training in Chennai


    The Nodejs Training Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

    ReplyDelete