IT Security Rewind – Week of August 15, 2011
by Josh Arrington
Limitations of technologies that are supposed to be protecting against emerging security vulnerabilities, deeper examinations of mainstream breaches and more painful insider attacks—they’re all a part of the next installment of our IT Security Rewind Series. Let’s take a look, shall we?
- You Live, You Learn: Few attacks generated as much media coverage and buzz as the attack against RSA that occurred earlier this year. This video interview from Threatpost with Uri Rivner of RSA breaks down the different aspects of the attack, including the elevation of privileges that the hackers used to their advantage. As Rivner explains, this breach directly exposes the limitations of a security strategy focused on perimeter protection rather than on the accessibility of the sensitive information and controls that can easily be manipulated from inside a system.
- DAMn—Is this technology working?: A feature from Ericka Chickowski of Dark Reading finds that financial institutions are still struggling with insider threats and other security vulnerabilities despite investments in database activity monitoring (DAM) tools. While DAM technology plays a critical role in protecting against SQL injection and exploits in database protocols and commands, its inherent limitation in monitoring privileged users may play a key role in its apparent ineffectiveness.
- Fast Food Diner on Network Crime: As IDG reported, a former IT worker at the U.S. subsidiary of Japanese drug-maker Shionogi has pleaded guilty to effectively using his privileged access and controls to “create virtual chaos” by wiping out the VMware host services that ran the company’s corporate email systems. Apparently, after laying off the employee, Jason Cornish, Shionogi did a poor job of revoking passwords to the company’s network. Using a Shionogi account, Cornish logged on from a public McDonald’s Internet connection to access a vSphere VMware management console that he’d secretly installed on the company’s network a few weeks earlier. He then proceeded to delete 88 company servers from the VMware host systems—further highlighting the need to control privileged users in both physical AND virtual environments.
That’s a wrap for this week—let us know what other stories you think should be added to the rewind.