12/14/04

Scarey Security Stories

A few years ago on the firewalls mailing list, someone disclosed management's lack of security clue in the following plea (dated Mon, 20 Nov 2000 06:22:10 -0600):
Is there anybody out there that can help me get some configurations right on our new Gauntlet firewall? I have never configured a firewall before and have not had training and this is very important to our company so I am feeling the pressure here. Any help would be appreciated!
(You can read my reply by searching for this on the Internet -- you will find it, or by reading NetSec Letter #15, which refers to it.) I read something scarier yesterday. I've anonymized it... a bit.
We are a small software business ... located in [a country providing lots of software development outsourcing for government and industry all over the world, but especially in the US]. We have a machine running Linux/Redhat to which all our computers connect for internet access through a DSL/Modem ...

For the last 6 months our DSL bills are extremely high. We examined our logs and there is someone using the bandwidth from our host every night. We can turnoff the machine but not sure if this is the right solution.

We have [taken some specific countermeasures]... But we still continue to see the nightly breaks into our host machine. We have no Linux expertise except as developers. We checked out firewall software price and it's expensive, and there is no expert support available. Can someone suggest a fix for this. Even a policy fix/advice would be helpfull.
So far, no one on the list has expressed horror about this situation. Will software developed ny this company end up in missle guidance systems? What about other companies -- in that country or anywhere in the world? How often are companies that develop critical systems audited for security practices and events? Shouldn't they be?

No comments: