Your network is secure. Not Really.

Codespaces Hacked and Gone

Some time ago, Codespaces Hacked and GoneI wrote an article talking about security on a network, and how most people, including IT people in the field believe that a firewall and good antivirus is what is needed for their networks. They think a good intrusion detection system added into the mix makes them pretty secure. I debated these beliefs, and even took the stand that people who believe such things are truly not at the level they believe they are and in fact are wrong about their approach to network security.

Network security doesn’t stop at the outside coming in. Firewalls, antivirus, and intrusion detection are of course part of the overall security posture. But what happens once someone gets past all those measures and is on your network? How to your monitor, detect changes that should not occur and actively stop those continued attacks? That is where people like me come in. Your average network administrator, IT manager or security person just doesn’t think in these ways, which is what hackers are hoping for. When you build your network, you must
consider if someone is in one area of a network, how do they access data in another area? Many companies apply shares based on user groups or the title of the user and give them access. This means they can be in one folder, create a shortcut to another folder and do what they want. Simple and convenient access. That way they don’t “waste their time clicking and typing their username and password a million times”. Again, the exact approach hackers want you to take. As an IT person, you cannot cave in to non-IT users, regardless of their rank or title. You have to require them to have two factor authentication. This can be implemented in a variety of ways (multiple usernames/passwords, biometrics, etc)
but if they can be in the “finance” share folder and save a shortcut to their “HR” share folder, then all a hacker has to do is get into one area, and access all the data they’d want to steal your money and identity of you and your employees.

Read the following articles about the hack that occurred at Code Spaces, a fully redundant data hosting company. One hacker put this company completely out of business in one day. These guys were touted as fully redundant, highly secure cloud based company. Take a look at the image and some of the top companies that were hosted there and the sheer volume of all their data lost.

You still think this can’t happen to you? Call me and my C|EH friends some time and let’s see how secure you really are.

Dell Articles

Codespaces apology and instant going out of business notice

Computerworld article on Codespaces

Skip to toolbar