Articles /

Network Security: Paranoia Can Be A Plus

A New Threat Targeting Kentico CMS Servers

Recently one of our new clients got an interesting phone call – it was from the FBI requesting a sit down so they could discuss some issues. The client called me on my cell phone and left a cryptic message that was very cloak and dagger, causing me to call back urgently, then run into my boss’s office to report this exciting news that I was going to meet with the FBI…I felt very important. However, my boss’s reaction to the news surprised me. He was not fazed one bit and said casually, ”I have seen this happen before.

So exactly what happened? The client got hacked by a hacker from overseas.

I went in to meet with these FBI agents and our client, thinking I was walking in to a very high security type of environment. In the room were four reps from the client, two FBI agents, and myself. The FBI agents looked like he could have been one of our network services consultants. He handed out a sheet of paper, typed in notepad, with the user names and passwords ofseven of the top level principals at the client’s organization. Then he proceeded to tell us how to work to prevent this type of thing from happening again.

What he told us was simple, effective, efficient, and often overlooked.

    1. Patch your systems regularly and use antivirus software.
      The initial breach exploited a vulnerability in Adobe. The premise was simple, an email was sent from what looked like a known address, with aPDF attachment. Once the user opened the PDF, the PC was compromised.
    1. Implement a password policy that includes complex passwords and password history.
      The passwords in use were easy to guess, but worse, some of them had not been changed inseven years. While it is not clear exactly how or when they obtained the passwords, a simple password policy that enforced periodic password changes would have helped mitigate the situation.
    1. Firewall, Firewall, Firewall (just because you have one does not mean it is configured correctly)
      Audit your firewall rules; make sure you only have the necessary ports open to the necessary machines. In this case, after moving a server to the data center, the in-house IT staff configured a local Domain Controller and gave it a local IP address that had an incoming NAT rule on the firewall.

In this case, a simple port scan, passwords not changed inseven years, and presto – the Domain Controller was compromised.

These items alone could have saved a lot of heartache and pain. Everyone knows they should be doing them, but are they doing them correctly?

Don’t wait until hackers find out and come knocking.