Misconfigured Networks Main Cause of Breaches 78
Posted
by
CmdrTaco
from the probably-including-you dept.
from the probably-including-you dept.
An anonymous reader writes "Responses to a survey from attendees of the DEFCON 18 conference revealed that 73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit. Results revealed that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits. 14% felt that compliance audits that don't always capture security best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed play a key role."
Re:Check those facts & figures (Score:3, Informative)
Presumably the other 3% thought it was the easiest IT resource to exploit, but did not actually come across them more than three quarters of the time.
This summary is an absolute nightmare.
Of those 73 percent of misconfigured networks... (Score:5, Informative)
http://monkey.org/~dugsong/dsniff/ [monkey.org]
Re:Misconfigured networks (Score:4, Informative)
So, that means vulnerable ports were open to "the world" on the systems, and the "network" was supposed to be doing the firewalling? Network firewalls and system firewalls should use identical policies.
That's a bit general. Say you want to run a Samba fileserver to share files among Windows clients. You'd want the fileserver on your internal network to accept connections from the relevant ports. You would not want the firewall standing between your network and the Internet to also have that port open to the world.
While it's true that a conscientious admin would tighten up the Samba server's firewall by specifying both ports and IP addresses/ranges (or other credentials) that are acceptable, you still wouldn't have identical policies between the internal systems and the firewall controlling what can connect from outside.
Check your reading comprehension (Score:4, Informative)
Imagine everyone was asked how often they came across a misconfigured network. One guy answered "about 80% of the time". Another guy answered "20% of the time." 73% of the respondents, when asked, gave an answer that was higher than "75% of the time".
Separately, respondents were asked what IT resource was easiest to exploit, and 76% of them said "network".
Shitty study (Score:5, Informative)
I was at Defcon this year (like always), and the people conducting this study were essentially paid per response, which I'm sure is quite common. We were standing on the Riv steps, during one of our many cigarette breaks, and some girl came up and asked us to do her survey.
Us: "This question doesn't really make sense."
Her: "Just check any box, I need to get them all filled."
And that's basically how it went. The question/answers seemed a little silly, and there were a lot of excluded middles. The surveyors knew nothing of the questions, and were just trying to get out there of (can't blame 'em). The answer space was a checkbox, and if you saw it, you'd see how easy it'd be to just fill out the rest of the boxes with similar answers if you wanted to go home.