Blog based on my "knee jerk" response to an article on an NSA breach
So when you first read this article, you will notice that there are groups of hackers auctioning off exploits for devices. It may seem like no big deal, but think about this: you have a group of people who are preying on your first line of defense and profiting from making these exploits available. Irritation set to the highest level, for one simple reason: NOT EVERYONE HAS A SECURITY TEAM. OK, now that I feel better, let's commence the discussion on how they did this and why you may be concerned.
By exploiting firewalls, these groups are putting out into the world the factory defaults and settings that people may overlook or not think about when protecting their network. That creates a gateway for script kiddies and ill-willed individuals to now try to do harm just because the day ends in “Y”. It is an example of why I constantly preach about compliance reports and their ability to help you protect your network and not forget the little things.
Some of the vulnerabilities listed were things like:
Buffer overflow in OpenLDAP
SNMP exploits on devices
Scripting advisement to gain more havoc
And much more…
So how do we guard against these untimely and devastating breaches? One answer: stop ignoring security needs. There are several free resources that help you protect yourself. I realize a lot of people may or may not know these, so I thought I would put together a few.
Common Vulnerabilities and Exposures
National Vulnerability Database
If you have read any of my NCM blogs, you know that it has firmware vulnerability data: it checks the NIST data and advises you of security holes on your Cisco devices. It is not a “catch-all” by any means, but it helps you stay aware and proactively run security checks every day by default. Then, as always, there are compliance reports, including federal compliance reports, right out of the box, allowing you to lean on what others have created to ensure that you are crossing your T’s and dotting your I’s within your security needs.
These are all ways we can try to use products to help us every day and have a direction to head in, instead of ignoring these needs or simply not making the time to address them. Monitoring and management software needs to be an everyday defensive tool, offering guidance with your security needs and allowing you to work on security today and tomorrow. Security teams can lean on monitoring/management solutions. It’s not just for people who lack the funding for a security team; it’s for everyone to stand together and help stand up to people exploiting for hire.
Circling back to my last opinion on this article: for-hire exploits are just as bad as hackers with ransomware. These were merely saying “Hey, pay me and I’ll tell you how you can do some damage,” where ransomware is more “Hey, I encrypted or stole your data, give me $$$ to (maybe) get it back.” Is there a difference in the level of punishment if ever caught? I think there is not, and we need to have better ways to prosecute and track down these criminals. What are your thoughts? I’m always open to opinions and love hearing all of your comments!
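The kind of daily firmware check described above, as an added example (not NCM's code and not from the original post): it compares a device inventory against advisory records that use the NVD's version-range field names. The hosts, versions and advisory IDs are constructed placeholders, and the version parsing is a simplification that ignores release-train letters.

```python
import re

# Constructed sample data: IDs, hosts and versions are placeholders, not real advisories.
ADVISORIES = [
    {"id": "CVE-PLACEHOLDER-1", "product": "cisco:asa",
     "versionStartIncluding": "9.1", "versionEndExcluding": "9.1.7"},
    {"id": "CVE-PLACEHOLDER-2", "product": "cisco:ios",
     "versionStartIncluding": "15.0", "versionEndExcluding": "15.2(4)"},
    {"id": "CVE-PLACEHOLDER-3", "product": "cisco:asa",
     "versionEndIncluding": "8.4.7"},
]
INVENTORY = [
    {"host": "fw-edge-01", "product": "cisco:asa", "version": "9.1(5)"},
    {"host": "fw-edge-02", "product": "cisco:asa", "version": "9.1(7)"},
    {"host": "rtr-core-01", "product": "cisco:ios", "version": "15.2(3)"},
    {"host": "fw-lab-01", "product": "cisco:asa", "version": "8.4(7)"},
]

def vkey(version, width=4):
    """Map '9.1(7)' or '9.1.7' to a padded int tuple; train letters are ignored."""
    parts = [int(n) for n in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def in_range(version, adv):
    """Apply whichever of the four NVD-style range bounds the advisory carries."""
    v = vkey(version)
    bounds = {
        "versionStartIncluding": lambda b: v >= b,
        "versionStartExcluding": lambda b: v > b,
        "versionEndIncluding": lambda b: v <= b,
        "versionEndExcluding": lambda b: v < b,
    }
    return all(ok(vkey(adv[k])) for k, ok in bounds.items() if adv.get(k))

def audit(inventory, advisories):
    """Return (host, advisory id) for every device inside an affected range."""
    return [(d["host"], a["id"])
            for d in inventory for a in advisories
            if d["product"] == a["product"] and in_range(d["version"], a)]

if __name__ == "__main__":
    for host, adv_id in audit(INVENTORY, ADVISORIES):
        print(f"{host}: firmware is inside the affected range of {adv_id}")
```

Note that fw-edge-02 is not flagged: its version sits exactly on an exclusive upper bound, which is the boundary case a hand-rolled check most often gets wrong.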
Follow me on Twitter @dez_sayz