Text only | Text with Images

Networking-Forums.com

Professional Discussions => Everything Else in the Data Center => Topic started by: deanwebb on September 25, 2017, 09:33:01 PM

Title: Deloitte Breach
Post by: deanwebb on September 25, 2017, 09:33:01 PM
Short version: They had a generic admin account for their Azure services, someone figured it out, and that someone was working with folks that copied a lot of files.

:facepalm2:

If you have cloud services, you still have to have good security for those cloud services. I'm losing count of all the cloud leaks that are happening, but that seems to be where the weaknesses are of late. Why worry about breaking through a firewall or an IPS in a corporate datacenter when you can just guess that password for the generic admin account on the cloud setup?

Keep your data local, make a hacker that wants your data get it the hard way and make a hacker that doesn't care about your data in particular skip it because it's hard and he can get that data easier somewhere else.
Title: Re: Deloitte Breach
Post by: ZiPPy on September 26, 2017, 12:46:48 AM
We use them for auditing our financials, and we are a high profile account.  This should be interesting.
Title: Re: Deloitte Breach
Post by: Dieselboy on September 26, 2017, 02:17:34 AM
(https://www.vegaspalmscasino.com/blog/wp-content/uploads/www_vegaspalms_com/2011/09/hooray-zoidberg-300x186.jpg)
Title: Re: Deloitte Breach
Post by: icecream-guy on September 26, 2017, 06:34:09 AM
Quote from: deanwebb on September 25, 2017, 09:33:01 PM
I'm losing count of all the cloud leaks that are happening, but that seems to be where the weaknesses are of late.

Remember clouds don't have walls, they are just pockets of air that hold water like a sponge.
When a cloud leaks, it's called rain.
:smug:
Title: Re: Deloitte Breach
Post by: deanwebb on September 26, 2017, 09:24:48 AM
Quote from: ZiPPy on September 26, 2017, 12:46:48 AM
We use them for auditing our financials, and we are a high profile account.  This should be interesting.

Interesting means it starts with a call from Deloitte to your management:

:phone:

Then your management will do this privately:

:kramer:

But they'll be like this publicly:

:disappoint:

Your developers will do this:

:shock:

Your security guys will do this:

:haha1:

And then do this after they're told they have to help clean up the mess:

:ckfacepalm:

And then your developers are all:

:mssql:

And the security guys look at the developers' solution and are like:

:no:

So the developers try again and think they have a fix:

:kidwoohoo:

The network guys have some thoughts on what the developers are hoping they can do in the datacenter:

:wha?:

Then management looks at the cost of all this:

:frustration:

And all the former employees are doing this as they hear the rumors and read the headlines:

:hankhill:

And that, my friends, is what "interesting" means when it comes to a cloud breach.
Text only | Text with Images