Signs of Security in Reverse
I was looking over some notes for one of the online training sessions I'll be publishing, which compares Signs of Security in Reverse examples I saved about 12 years ago to those I saved a few hours ago.
The lessons learned in security approach are what I am looking to cover with this data.
I've been finding more IT Admins are not following best practices and not taking corrective actions.
The fluff reports you'll find at the software vendor sites use lines like "6% do not report" and "80% are still running". That's a very nice industry way of saying your IT Administrator is a lazy person and should be fired. Or maybe they don't know because that other lazy admin didn't spend the time to inform the other IT admin?
Who's at fault here isn't part of this section but I will tell you so you can walk away saying "Murray, you're the jerk."
When I find a serious issue and know it's from a medical lab, university lab or a business that has all their online data registered correctly, so all it takes is a quick lookup for me to find the IT or Abuse contact, I send the sample of the log and call it a day.
If you email back with "Thanks" it keeps you out of my follow-up list. If you call or email complaining, I just delete the email and fit you into a line like, "Ya, that's my customer server, so what."
I've had my time on the "Notice, your server has a security issue" email one day. Lucky for me it was my "Research" system that I forgot to shut down that weekend after testing.
We all know mistakes happen, and when you find your Net mistake you need to take action.
Below are those that didn't take action, and their lack of knowledge, control, time, effort and experience after they received advice, links, and security bulletins has earned them a place in my heart, my site and in the "Signs of Security in Reverse."
DISCLAIMER: Don’t get me wrong, I have had my security in reverse days as well. I have had other IT experts tell me all about it. Some actually were really nice and offered some new insights while others were just jerks and really didn’t do anything more than muddy the waters. It’s all in how you report that security in reverse to the other IT admin. And then it’s up to the other IT Admin to actually make changes that are “Clearly” best practices.
Friday Jun 29 2012
When do you need to rethink your external services? SMTP, POP3, Webmail, Remote Desktop, IIS 80: when you have many services running on a single box and do not keep those services updated, you end up with a security in reverse system. The key to identifying that this system was not managed correctly was that the IIS server was set up with their old website. This server was retired and repurposed, in my opinion, and not updated. Like an SBS2003 system after DCPromo, you need to stop the updates if on the same network, which would mean this missed the 3-15 exploit update.
Signs of Security in Reverse: Case 129 ITR-03152012