fbpx

The Perfect Storm

·

A tale about a network engineer who makes a critical mistake that leaves his company exposed.

The following is a true story.  The details have been slightly modified to protect the companies and people involved.

Hello, my name is Max.  I was working in Atlanta with a company named “We Secure”.  It was a normal day at the office.  I was setting a new security logging server that we had just purchased.  It was accessible via a web interface.  So, for us to access it, we would need to create a firewall entry allowing access over http and https.  It was a rather strait forward task.  All I had to do is drop it into the firewall group called “Internal Websites” and boom we were in business.  This server was a highly sensitive server because there was a lot of data contained in the logs like usernames and passwords and who knows what else.  I didn’t bother putting a password on the website because it was only internally facing.  What could possibly go wrong?

From the day that I setup this server it was live and accessible on the internet without even a password.  We will call this mistake number 1.  Have you ever heard of layered security?  This is the first principal I violated resulting in a very dangerous situation.  At this point you may be asking how did this system end up on the internet?  This was caused by a case of bad cyber hygiene.

Several months before this event we had disabled a webserver.  It was shut down and no longer used.  The problem is that no one removed the old firewall rules related to this web server.  One of the layers of your security program should be to remove all aspects of a technology’s configurations when decommissioned.  For instance, removing it from the firewall, DNS servers, user accounts, active directory configurations etc.  At this point we have two failures bad cyber hygiene and lack of password controls. 

There we were, unknowingly we were completely exposed.  How long did it sit out there?  Well, it wasn’t found until we performed our annual pentest, so it was probably about 6 months.  Pentest were only performed every year since they were so costly to perform at the time.  We had also failed to invest in a security scanning solution.  This would have at least given us some clue that there was a problem. But even vulnerability scanning wouldn’t necessarily have protected us from this perfect storm.

A product like ShadowKat could have prevented this situation or it could have at least greatly reduced the time of exposure.  ShadowKat is our version of attack surface management.  It helps you to identify changes to your external attack surface and actively manage your external facing assets.

Facebook
Twitter
LinkedIn
John Survant
John Survant
John Survant has been an Information Technology Manager for over 20 years and has extensive background in cybersecurity, compliance, and network infrastructure. He has achieved several highly regarded network security certifications: CISSP, HCISPP, CEH, ECSA, CCNP, MCSE, and several Splunk and F5 Certifications. Mr. Survant also obtained a Master of Business Administration from the UK-UofL Executive MBA program, Class of 2018.
Follow us
Facebook Twitter Linkedin Instagram
Subscribe to our News Letter
Latest posts
What they say
"60% of data breaches are caused by a failure to patch. If you correct that, you've eliminated 60% of breaches. And I didn't even have to say AI or Blockchain! See how that works?"
Ricardo LafosseCISO of Morningstar
"Just the process of doing a risk assessment changes the culture. People now realize, 'Oh, I do have something that's worthy enough,' [of a cyberattack] just by going through those risk assessments. We flipped the model around. We focused first on what you are doing well that we want you to keep doing. And in places that they may not be doing so well we said you're not really hitting best practice, let us help you get there. So that was a big, big change right off the bat on how people looked at our group."
David SherryCISO of Princeton University
“We believe the customer should be in control of their own information. You might like these so-called free services, but we don’t think they’re worth having your email, your search history and now even your family photos data mined and sold off for god knows what advertising purpose. And we think some day, customers will see this for what it is.”
Tim CookCEO Of Apple

Our philosophy is that cybersecurity is a “No Fail” mission, and so our goal is to provide the insight and solutions that ensure our customers are protected against cybersecurity crime, because the future of their business absolutely depends on it!

Facebook Twitter Instagram Linkedin
Tampa Bay

4830 West Kennedy Blvd.
Suite 600
Tampa, FL 33609

sales@3wsecurity.com +1.813.509.2354

Have A Question?

We want to hear from you! Click below to send us a message and we will get back with you ASAP.

Contact Us

Copyright © 3W Security 2022. All rights reserved.