Which means getting back to various levels of "fire drill" associated with security. The North Campus has had a lot of benign -- or neutral -- neglect in terms of what hooks to which network, and the blocks from which internal IP addresses are assigned.
Meanwhile, Corporate IT has unfurled their battle flags, put on the white gloves and commenced system scans, and they're not happy. Nope, it's not dust on the server racks or tarnish on the few remaining "Intel inside" stickers, it's a general laxness of defenses, breaches in the (fire)walls and a sloppy mixing of personal machines, company machines and thumbdrives and SD cards found in gutters and public washrooms. They've run pen testing ops and awakened afterward to find themselves covered in Sharpie-drawn amateur tattoos from head to foot.
All of which means that I have got to get myself in gear, get cleaned up and out the door, and go help our local IT guys pull in new network cables and find spaces for better kinds of managed switches, while the most vulnerable systems run in splendid isolation from the Internet. Y'know, I love the 'Net, but when did we decide that every last darned thing from the computers running essential business equipment to the breakroom refrigerator needed to be on the World Wide Web?
But we did, and if we want to keep some kid from Kiev holding the last Reese's Cup hostage while his big brother's pirate band raids the payroll accounts and all our personal data, we're gonna have to harden 'em up.
Fix bayonets -- advance!
Update
15 hours ago
9 comments:
Turning 70 next year.
Back in my day, DOS/VSE, CICS, IDMS, dang kids and their pointy-clicky client/server, Snapface, drone drone drone, blah blah blah, zz zzzzz.
I don't understand all of your terminology; but, I get the drift. Personally, some time ago I set up a separate machine that is isolated from the Internet. When we replaced our HVAC system a few years ago, I declined to have one that hooked to the web. None of our appliances talks to anything other than themselves (?) Heck! My smart phone is from 2007 and has never been accessed by/to the web - likewise my cameras. Hunky Husband's and my watches are dumb. I dropped FB about 10 years ago when their privacy policies got too squirrely for me. And I'm not even paranoid!! I wish government and private entities were a bit paranoid.
Thanks.
security has taken second fiddle to Convenience in IT for a long time. I work for a security-centric computer server system reseller and our security guys see all kinds of issues.
Good to hear station IT has woken up and is starting to address the issues.
Cop Car, drat, one of my best puns may have been lost on re-entry.
"Pen testing" is "penetration testing," in which you hire an expert (or group of them) to put in their best black hats and try to PENetate your protected network, get into company e-mail, etc. etc. But once in, they don't break things, only leave markers and make notes on how you could have stopped them so you can fix the vulnerabilities. I snicker at the thought of the pen-testers sneaking in while the IT crew is on siesta and marking them up with felt-tip markers in the way rambunctious college students used to do to their buddies who dozed off or drank too much: the harshest sort of failure on a pen test!
Just look to "The Moon is a Harsh Mistress" to realize the folly of connecting complex systems into a central computer system. Whether that's a single computer or the Net, the end result will be pretty much the same.
The whole "Internet of Things" (aka, "IoT") strikes me as completely insane. While it make make remotely controlling industrial processes slightly easier, what's the point if some script-kiddie from Beijing or Moscow can shut down your pipeline? Doing to critical infrastructure like pipelines, refineries, or power plants is simply asking for someone to either cripple, destroy, or threaten to cripple and destroy them.
Industrial controls should be relatively simple, and easily overridden by hand by the operators in the event of emergency.
And do you really need your refrigerator connected to the 'net? Let's use some common sense, folks
RX--Thanks. I'm more familiar with "Red Teaming" than with "PEN Testing".
Ran into a Sinclair chief engineer last Friday. He looked REALLY tired.
Almost makes me yearn for the days when my biggest concern was making sure the production folks were cutting the ends off the 1-inch tapes.
Anon, Sinclair took a very bad hit, and working hard to recover. Their number came up; it could have been anybody.
Indeed. I figure it's when, not if, for our large station group. Others are working on the defenses, and I am running through various contingency options to keep us from modulating all zeros.
Post a Comment