http://blog.clearnetsec.com/articles/tag/employee en-us 40 <p>I shouldn't be shocked, but I am. A piece of the conversation today we had with a client went something like this:</p> <blockquote><p>client: yeah, we also just found out we have an ex-employee logging in from the internet to our servers and helping other nurses with some computer tasks</p> <p>us: um, you have an ex-employee logging into your servers remotely?</p> <p>client: yes</p></blockquote> <p>Talk about scary. I wish I could say more. Let's just say this is relatively minor compared to other illegitimate activities this particular client is suffering from (e.g. knowledgeable attackers with clear targets).&nbsp; It is quickly turning into one of those scenarios whereby you can&rsquo;t trust the integrity of anything electronic.</p> <p>On top of that, it&rsquo;s another flare on why it is so important to just know what is and should be happening on your network.&nbsp; Forget about all the fancy security solutions; what is important first is to understand why and how devices talk.&nbsp; Do these systems over here need to talk to these systems here?&nbsp; No.&nbsp; Why are they talking then?&nbsp; </p> <p>This client has security point solutions in place, but they haven&rsquo;t a clue what is happening or why.&nbsp; If you spend the time to define the relationships, catching potentially illegitimate activity is a LOT easier. </p> Tue, 25 Apr 2006 02:13:00 -0600 urn:uuid:e25d2bcf-db20-4ec3-976e-aef90edf5e1c tate@ClearNetSec.com (Tate Hansen) http://blog.clearnetsec.com/articles/2006/04/25/tough-to-find-where-to-begin security ClearNet Security Tate Hansen ex employee compromise