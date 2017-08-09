How a Port Misconfiguration Exposed Critical Infrastructure Data (helpnetsecurity.com)
An anonymous reader writes: Attacks hitting companies' electrical systems are possible, especially when information that provides insight into those systems' weak points is freely accessible online. If you think that such a thing is unlikely, you probably haven't yet heard about the most recent discovery made by UpGuard researchers: an open port used for rsync server synchronization has left the network of Power Quality Engineering (PQE) wide open to malicious attackers. They managed to access and exfiltrate 205 GB of data from PQE's servers, up until the moment when the company secured its systems two days later after being notified of the problem.
Why not use DFS for Windows shares? (Score:2)
Why not use DFS for Windows shares?
Re: (Score:2)
They set up a server with a service configured to allow connecting on a default port and giving unencrypted/passwordless access to the entire file system.
Yes, this is the definition of "doing it wrong".
Any even minimal attempt to secure the server and service via OS hardening and/or taking the 2 minutes to configure rsync/rsyncd to use ssh as a transport would've prevented this issue. As rsyncd has used ssh by default for a while now, either they deliberately turned off all safeguards, or else they are runni
Re: (Score:2)
At the risk of replying to myself, I just went and looked and rsync has had using ssh as the default config for 13 years now...
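Added example (not part of the thread, and not code from the rsync project): a small Python check over a constructed rsyncd.conf that flags the daemon settings described in the comments above, namely modules with no `auth users`, no `hosts allow`, a path of `/`, or write access. The sample config, its module names and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: one module mirroring what the comment describes
# (no auth, whole filesystem), one locked-down module for contrast.
SAMPLE_CONF = """\
# constructed rsyncd.conf for illustration
read only = no

[everything]
    path = /

[backups]
    path = /srv/backups
    read only = yes
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/24
"""

def parse_rsyncd_conf(text):
    """Return {module: params}; global params act as per-module defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), dict(defaults))
        elif "=" in line:
            key, value = line.split("=", 1)
            # rsyncd ignores case and whitespace inside parameter names
            key = "".join(key.split()).lower()
            (defaults if current is None else current)[key] = value.strip()
    return modules

def audit(text):
    """Return {module: [findings]} for settings that expose data."""
    report = {}
    for name, p in parse_rsyncd_conf(text).items():
        checks = [
            (not p.get("authusers"), "no 'auth users': anonymous access"),
            (not p.get("hostsallow"), "no 'hosts allow': any client may connect"),
            (p.get("path") == "/", "path is the filesystem root"),
            # rsyncd modules are read-only unless configured otherwise
            (p.get("readonly", "yes").lower() in ("no", "false", "0"), "module is writable"),
        ]
        report[name] = [msg for failed, msg in checks if failed]
    return report
```

Calling `audit(SAMPLE_CONF)` returns an empty finding list for `backups` and all four findings for `everything`, which inherits the global `read only = no`.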
SCIF (Score:2)
Pen testing is good (Score:2)
Pay someone to do even a light check of your network. You never know.
Something very similar happened at an old employer. We did network and voice support for an auto dealer. Every month their long distance and international bills were unjustifiably enormous, but they didn't tell US about it, preferring to bitch at the phone company directly (company was horribly run, really). At some point or another they finally got fed up and told us they didn't want international calls to go out (this was the first t
Seems like (Score:2)
A comedy of stupidity.
Did they even have a firewall?
Who does the reviews and port scans for security changes?
Who reviews the security postures of applications and services on the internal network?
Power Quality Engineering, well one out of three, maybe.
Here's a hint for configuring your security posture. Start with denying any connectivity in either direction. Adjust as needed.