tough to find where to begin

Posted by Tate Hansen Tue, 25 Apr 2006 08:13:00 GMT

I shouldn't be shocked, but I am. A piece of the conversation we had with a client today went something like this:

client: yeah, we also just found out we have an ex-employee logging in from the internet to our servers and helping other nurses with some computer tasks

us: um, you have an ex-employee logging into your servers remotely?

client: yes

Talk about scary. I wish I could say more. Let's just say this is relatively minor compared to other illegitimate activities this particular client is suffering from (e.g. knowledgeable attackers with clear targets).  It is quickly turning into one of those scenarios whereby you can’t trust the integrity of anything electronic.

On top of that, it’s another flare showing why it is so important to just know what is and should be happening on your network. Forget about all the fancy security solutions; what is important first is to understand why and how devices talk. Do these systems over here need to talk to those systems over there? No. Why are they talking then?

This client has security point solutions in place, but they haven’t a clue what is happening or why.  If you spend the time to define the relationships, catching potentially illegitimate activity is a LOT easier.
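One way to put "define the relationships" into practice, as an added example that is not from the original post: write down which zones may talk to which on which port, then flag every observed flow that has no defined relationship. The zone names, address ranges, ports and flow records below are all constructed for illustration.

```python
import ipaddress

# Constructed zones for a hypothetical clinic network (assumption, not from the post).
ZONES = {
    "nurse_ws": ipaddress.ip_network("10.10.20.0/24"),
    "servers": ipaddress.ip_network("10.10.1.0/24"),
    "billing": ipaddress.ip_network("10.10.30.0/24"),
}

# Defined relationships: (source zone, destination zone, destination port).
# Anything not listed has no documented reason to exist.
ALLOWED = {
    ("nurse_ws", "servers", 443),
    ("billing", "servers", 1433),
}

def zone_of(addr):
    """Map an address to a named zone; anything unlisted is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def unexplained_flows(flows):
    """Return flows whose (src zone, dst zone, port) is not a defined relationship."""
    findings = []
    for src, dst, port in flows:
        rel = (zone_of(src), zone_of(dst), port)
        if rel not in ALLOWED:
            findings.append((src, dst, port, rel[0] + " -> " + rel[1]))
    return findings

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.20.14", "10.10.1.5", 443),    # nurse workstation to app server: defined
    ("10.10.30.7", "10.10.1.9", 1433),    # billing to database: defined
    ("203.0.113.50", "10.10.1.5", 3389),  # remote login from the internet: undefined
    ("10.10.20.14", "10.10.30.7", 445),   # workstation to billing: undefined
]

if __name__ == "__main__":
    for src, dst, port, rel in unexplained_flows(SAMPLE_FLOWS):
        print(f"no defined relationship: {src} -> {dst}:{port} ({rel})")
```

Each finding is a question to answer ("why are they talking?"), and the answer either becomes a new entry in the allowed set or a lead to investigate.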
