Slashdot Mirror


Misconfigured Networks Main Cause of Breaches

An anonymous reader writes "Responses to a survey from attendees of the DEFCON 18 conference revealed that 73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit. Results revealed that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits. 14% felt that compliance audits that don't always capture security best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed play a key role."


  1. Check those facts & figures by Just_Say_Duhhh · · Score: 2, Funny

    73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit.

    So are we to believe that 73% is more than three quarters, or is this a case where 90% of IT is half-mental?

    --
    I need trepanation like I need a hole in the head.
    1. Re:Check those facts & figures by Sir_Lewk · · Score: 2, Informative

      Presumably the other 3% thought it was the easiest IT resource to exploit, but did not actually come across them more than three quarters of the time.

      This summary is an absolute nightmare.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    2. Re:Check those facts & figures by rotide · · Score: 1

      "a survey from attendees of the DEFCON 18 conference revealed that 73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit."

      Seriously, that throws my head into a god damn wall.

      This is how I slowly try and rephrase the sentence. Anyone else reading it this way? "73% of respondents to the survey found the network misconfigured more than 75% of the time and 76% of those 73% of respondents said that was the easiest IT resource to exploit."

      Terrible writing when you have to try and decode a simple sentence. Feels like I'm trying to figure out some legal doc.

    3. Re:Check those facts & figures by Anonymous Coward · · Score: 1, Funny

      I'm assuming it's part of the Da Vinci Code until proven otherwise.

    4. Re:Check those facts & figures by Vanders · · Score: 1

      They've done studies. 60% of the time, it works every time...

    5. Re:Check those facts & figures by Just_Say_Duhhh · · Score: 1

      After a dozen re-reads of TFA, my head came away from the wall, and I can now understand your rewrite.

      My manager, however, will have to wait for the powerpoint presentation with pie charts and bar graphs. As we all know, 73% of managers can't understand more than three quarters of the information you present to them.

      --
      I need trepanation like I need a hole in the head.
    6. Re:Check those facts & figures by hedwards · · Score: 1

      There's nothing wrong with that. It means that 90% of the IT tasks are half mental, whereas the other 10% of the tasks could be completely mindless or 90% mental. Or it could be on the basis of time spent on IT tasks. But it really doesn't represent any sort of problem of logic or numbers. IT and mental processing aren't so tightly bound as to make that line of reasoning sound.

    7. Re:Check those facts & figures by causality · · Score: 1

      "a survey from attendees of the DEFCON 18 conference revealed that 73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit."

      Seriously, that throws my head into a god damn wall.

      This is how I slowly try and rephrase the sentence. Anyone else reading it this way? "73% of respondents to the survey found the network misconfigured more than 75% of the time and 76% of those 73% of respondents said that was the easiest IT resource to exploit."

      Terrible writing when you have to try and decode a simple sentence. Feels like I'm trying to figure out some legal doc.

      Yeah, sounds like just the sort of thing that professional editors are supposed to clean up. Oh wait, this is Slashdot.

      Another gem from the summary caught my eye:

      11% felt that threat vectors that change faster than they can be addressed play a key role.

      That item is not a (mis)configuration issue. Besides, the best way to maintain the advantage in this arms race is to make sure that your systems do exactly what they are intended to do and nothing else. Default-deny is a good policy and not just for firewalls.

      Results revealed that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits.

      Actually they're the result of incompetence and/or apathy. The purpose of an audit is to reveal that incompetence and/or apathy has taken place so that it may be corrected in the future. Good auditing may mitigate this issue just like a band-aid can protect a cut on your hand, but the band-aid or lack thereof was not what caused your hand to get cut. Cause-and-effect fail.

      Responses to a survey from attendees of the DEFCON 18 conference revealed that 73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit.

      Low-hanging fruit like that is the great enabler of botnets and other black-hat criminals everywhere. I wonder how much this problem is caused by "I manage people not machines!" managers who have no idea how to accurately assess the competence of a sysadmin.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    8. Re:Check those facts & figures by jd · · Score: 2, Funny

      Nonono. We had the Russian Station transmit secret numbers recently, this is clearly a response from agents in the field.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    9. Re:Check those facts & figures by jd · · Score: 1

      Understanding the rewrite doesn't help if the margin of error means that 73% == 76% three-quarters of the time.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    10. Re:Check those facts & figures by causality · · Score: 1

      There's nothing wrong with that. It means that 90% of the IT tasks are half mental, whereas the other 10% of the tasks could be completely mindless or 90% mental.

      Does not compute.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    11. Re:Check those facts & figures by Arthur+Grumbine · · Score: 2, Insightful

      This summary is an absolute nightmare.

      I just assumed it was written by the marketing team for Sex Panther.

      --
      Now that I think about it, I'm pretty sure everything I just said is completely wrong.
    12. Re:Check those facts & figures by pinkushun · · Score: 1

      Suddenly this sub-thread isn't so funny now that it actually makes sense.

  2. The other 57% by Sir_Lewk · · Score: 1

    Results revealed that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits. 14% felt that compliance audits that don't always capture security best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed play a key role."

    Ok, so what did the other 57% think that misconfigured networks are the result of?

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    1. Re:The other 57% by Kepesk · · Score: 1

      Ok, so what did the other 57% think that misconfigured networks are the result of?

      Obviously, too much time spent playing Facebook games.

    2. Re:The other 57% by mysidia · · Score: 1

      Ok, so what did the other 57% think that misconfigured networks are the result of?

      Incorrect / erroneous / misapplied example configurations ranking high in Google search results?

  3. The statistics are amazing, just amazing by Swave+An+deBwoner · · Score: 1

    "This realization is made worse when you consider that 57% of the security professionals we surveyed classified themselves as a black or grey hat hacker, and 68% of respondents admitted hacking just for fun," said Reuven Harrison, CTO at Tufin.

    Wow. 57% of the security professionals at DEFCON consider themselves a ... hacker!

    Wow.

    1. Re:The statistics are amazing, just amazing by al0ha · · Score: 1

      Yeah, you can rely on a statistic based on being a self-proclaimed hacker, perhaps much akin to statistics on self-proclaimed geniuses...

      Based on the responses what we really know is that out of the 43% who did not admit to being a Black Hat, some percentage actually does engage in such activities.

      --
      Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
  4. Misconfigured networks by Culture20 · · Score: 2, Interesting

    So, that means vulnerable ports were open to "the world" on the systems, and the "network" was supposed to be doing the firewalling? Network firewalls and system firewalls should use identical policies.

    1. Re:Misconfigured networks by causality · · Score: 3, Informative

      So, that means vulnerable ports were open to "the world" on the systems, and the "network" was supposed to be doing the firewalling? Network firewalls and system firewalls should use identical policies.

      That's a bit general. Say you want to run a Samba fileserver to share files among Windows clients. You'd want the fileserver on your internal network to accept connections from the relevant ports. You would not want the firewall standing between your network and the Internet to also have that port open to the world.

      While it's true that a conscientious admin would tighten up the Samba server's firewall by specifying both ports and IP addresses/ranges (or other credentials) that are acceptable, you still wouldn't have identical policies between the internal systems and the firewall controlling what can connect from outside.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    2. Re:Misconfigured networks by Culture20 · · Score: 2

      That's a bit general. Say you want to run a Samba fileserver to share files among Windows clients. You'd want the fileserver on your internal network to accept connections from the relevant ports. You would not want the firewall standing between your network and the Internet to also have that port open to the world. While it's true that a conscientious admin would tighten up the Samba server's firewall by specifying both ports and IP addresses/ranges (or other credentials) that are acceptable, you still wouldn't have identical policies between the internal systems and the firewall controlling what can connect from outside.

      Good point. I should think more often before I type.

  5. Re:This is news? by blair1q · · Score: 1

    Everyone at Cisco knows this.

    Everyone in their customer list is on their own.

  6. Of those 73 percent of misconfigured networks... by GPLDAN · · Score: 4, Informative

    Probably 95 percent of THOSE networks were defeated using Doug Song's tools.


    http://monkey.org/~dugsong/dsniff/

  7. 73% of the time by OCURServant · · Score: 1

    I'm right 100% of the time...

  8. I think hackers are responsible for by barfy · · Score: 1

    most of the break-ins.

  9. Best security advice I ever got..... by LibertineR · · Score: 4, Insightful

    "It ain't a firewall, unless it stops shit going in BOTH DIRECTIONS."

  10. Re:What Is The Explanation For The Slashdot Outage by WrongSizeGlass · · Score: 1

    If I didn't know better I'd think you'd posted Paris Hilton's 'ToDo' list for today.

  11. Simple fix? by Bryansix · · Score: 1

    Buy an ASA from Cisco. It comes preconfigured to drop all traffic. Configure the local subnet and leave everything else alone. Use hosted solutions for email, file sharing, applications. Pay the money to make sure you get solution providers who know their shit. Force SSL over all of those connections. And Done.

    1. Re:Simple fix? by Bryansix · · Score: 1

      That's not a misconfigured network. Also Postini is pretty good at that problem. Not perfect, but pretty good.

    2. Re:Simple fix? by LibertineR · · Score: 2, Interesting

      ....and what is your solution when I come in and tell your fat receptionist that she looks nice in that muumuu, and that I am there to fix the phones, but maybe we can go for a drink when I am done, and can I have access to the IT closet at 5:02pm?

    3. Re:Simple fix? by Bryansix · · Score: 1

      9-1-1 and duck!

    4. Re:Simple fix? by LibertineR · · Score: 1
      The correct answer is to put the ASA in front of an ISA or TMG server, and use it only for packet inspection and port blocking. Forward only the necessary ports for your business, and whatever is allowed is explicitly enabled AND authenticated by domain\user.

      That way, nothing gets in OR out that is not expressly permitted, or tied to a specific user account. An internal affected machine can't send anything out the gateway if it's not via 8080 with the firewall client, and with a rule naming its executable.
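The two firewall points made in this thread (host and perimeter policies differ but must agree on what stays internal, and a firewall default-denies in both directions with egress only through an explicitly permitted path) can be checked against a tiny first-match packet filter model. The code below is an added example written for this page, not code from any commenter, Cisco, or Microsoft; every address, host and port set in it is constructed, and the ISA/TMG per-user and per-executable rules the post describes are not modeled, only the "out only via the proxy" part.

```python
"""Toy first-match packet filter: host policy for a Samba server, perimeter
policy that default-denies in both directions, and a check that nothing the
host restricts to internal ranges is opened to the world at the perimeter.
All addresses and policies are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable

ANY = ipaddress.ip_network("0.0.0.0/0")


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (toward the protected side) or "out" (leaving it)
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "deny"
    direction: str
    proto: str
    dports: frozenset
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and p.proto == self.proto
                and p.dport in self.dports
                and ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst)


class Policy:
    """First matching rule wins; anything unmatched is dropped (default-deny)."""

    def __init__(self, name: str, rules: Iterable[Rule]):
        self.name = name
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


# Constructed addresses (10/8 is the internal range, 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for public space).
INTERNAL = net("10.0.0.0/8")
FILESERVER = net("10.1.0.5/32")      # the Samba host
PROXY = net("10.1.0.2/32")           # the ISA/TMG-style egress proxy
WEBSERVER = net("203.0.113.10/32")   # the one public-facing service

# Host firewall on the Samba server: SMB/NetBIOS only from internal ranges.
HOST_POLICY = Policy("samba-host", [
    Rule("allow", "in", "tcp", frozenset({139, 445}), src=INTERNAL, dst=FILESERVER),
    Rule("allow", "in", "udp", frozenset({137, 138}), src=INTERNAL, dst=FILESERVER),
])

# Perimeter firewall: one inbound service, egress only from the proxy.
PERIMETER_POLICY = Policy("perimeter", [
    Rule("allow", "in", "tcp", frozenset({443}), dst=WEBSERVER),
    Rule("allow", "out", "tcp", frozenset({80, 443}), src=PROXY),
])


def internal_only_ports_exposed(host: Policy, perimeter: Policy) -> set:
    """Ports the host accepts only from a restricted source but the perimeter
    would admit from anywhere: the mismatch that makes "identical policies"
    the wrong goal and "consistent policies" the right one."""
    restricted = {(r.proto, port) for r in host.rules
                  if r.action == "allow" and r.direction == "in" and r.src != ANY
                  for port in r.dports}
    open_to_world = {(r.proto, port) for r in perimeter.rules
                     if r.action == "allow" and r.direction == "in" and r.src == ANY
                     for port in r.dports}
    return restricted & open_to_world


if __name__ == "__main__":
    samples = [
        Packet("in", "tcp", "198.51.100.7", "10.1.0.5", 445),   # outside -> SMB
        Packet("in", "tcp", "10.2.3.4", "10.1.0.5", 445),       # inside -> SMB
        Packet("out", "tcp", "10.2.3.4", "198.51.100.7", 443),  # direct egress
        Packet("out", "tcp", "10.1.0.2", "198.51.100.7", 443),  # egress via proxy
    ]
    for p in samples:
        print(p, "perimeter:", PERIMETER_POLICY.decide(p), "host:", HOST_POLICY.decide(p))
    print("exposed:", internal_only_ports_exposed(HOST_POLICY, PERIMETER_POLICY))
```

Intra-LAN traffic from a client to the fileserver never crosses the perimeter, so only the host policy matters there; the example still evaluates both so the difference between the two rule sets is visible side by side.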

    5. Re:Simple fix? by Bryansix · · Score: 1

      On a more serious note, more and more phone systems are actually administered by the IT consultants or the IT Staff. So there is only one point of contact for everything.

    6. Re:Simple fix? by LibertineR · · Score: 1

      Yeah, but the Chub-ette at the front desk doesn't know that..., nor does her temp fill-in when she goes for that gastric bypass.... Point being, if they want in, they will get in. You have to stop them even if they are inside.

    7. Re:Simple fix? by Bryansix · · Score: 1

      When I was system admin, only the IT department had the keys to the server room. The CEO had a copy but he wasn't a moron so it was ok.

    8. Re:Simple fix? by c6gunner · · Score: 4, Funny

      Hire lesbians.

    9. Re:Simple fix? by TubeSteak · · Score: 1

      ....and what is your solution when I come in and tell your fat receptionist that she looks nice in that moo-mu, and that I am there to fix the phones, but maybe we can go for a drink when I am done, and can I have access to the IT closet at 5:02pm?

      Network audits.
      It's right there in the summary.

      Detection and mitigation of penetration is equally as important as trying to prevent the intrusion in the first place.

      --
      [Fuck Beta]
      o0t!
    10. Re:Simple fix? by Necrotica · · Score: 1

      You don't work in a large enterprise, do you?

  12. WAAAAAAAA THE NETWERK! by lanner · · Score: 1

    "Waaaaaa! The network's down!"

    "Waaaaaa! The network's slow!"

    As a real network admin, I hear this at minimum, once a week, sometimes more often.

    95% of the time, it's not the network. It's almost always the endpoints.

    How is the network to blame here? Someone screw up spanning tree, OSPF not using md5 authentication? DHCP mis-configuration? DNS? Wrong gateway used? What? The article gives nothing, just like most of the sysadmins and managers that come to my desk crying about how slow scp/nfs/smb copies are all because of the network and how they can't understand why they can't just bridge Infiniband over Ethernet.

    Stop crying about the network.

    1. Re:WAAAAAAAA THE NETWERK! by mandelbr0t · · Score: 1

      95% of the time, it's not the network. It's almost always the endpoints.

      I'm guessing a new way of saying PIBCAK?

      Stop crying about the network.

      And start looking at where the real problem might be. The guy with an MBA from an online university and an entry-level Microsoft certification being responsible for the hiring just might have something to do with how IT is a great steaming shithole.

      --
      "Please describe the scientific nature of the 'whammy'" - Agent Scully
    2. Re:WAAAAAAAA THE NETWERK! by Theoboley · · Score: 1

      I prefer the PICNIC problem. Problem In Chair, not in Computer.

      --
      Stupidity only gets you so far, then you've gotta try
  13. Re:Of those 73 percent of misconfigured networks.. by carp3_noct3m · · Score: 1

    Ahh, good old Dsniff, urlsnarf, etc. Had lots of good times with them.

    --
    "It's ok, I'm completely secure as long as my iron is off"
  14. statistics overload? by scotty.m · · Score: 1

    73% of people encountered a misconfigured network 75% of the time... (by my calculations that's 54% of networks are misconfigured?)
    76% of people believe a misconfigured network is the easiest resource to exploit
    18% of people believe a misconfigured network is due to insufficient time/money

    --
    Has anyone really been far even as decided to use even go want to do look more like?
    [ST8Z6FR57ABE6A8RE9UF]
  15. How much of that is due to old software / hardware by Joe+The+Dragon · · Score: 1

    How much of that is due to old software / hardware? That needs not so much a misconfigured setup as one with some open areas that are needed to make the old software / hardware work.

  16. Check your reading comprehension by blueg3 · · Score: 3, Informative

    Imagine everyone was asked how often they came across a misconfigured network. One guy answered "about 80% of the time". Another guy answered "20% of the time." 73% of the respondents, when asked, gave an answer that was higher than "75% of the time".

    Separately, respondents were asked what IT resource was easiest to exploit, and 76% of them said "network".

    1. Re:Check your reading comprehension by DontBlameCanada · · Score: 1

      A recent study found that 74.23% of all statistics quoted in /. articles were invented on the spot in an effort to trick folks who only read the article summary into modding them up.

  17. Firewall the boundary - all that's needed by pacman+on+prozac · · Score: 1

    There's a lot of comments saying "use a decent firewall and you're sorted".

    On any non-trivial network, if the only security in place is a firewall on the boundary then you're probably one of the 3/4 of easily exploitable networks mentioned in the article.

    Viruses, social engineering, playing with applications that are allowed through (e.g. HTTPS web apps), dial-ins, wireless, abusive staff, there is a never ending list of attack vectors if you only pay attention to the perimeter. Like the article says: 43% of respondents view planting a rogue member of staff inside a company as one of the most successful hacking methodologies.

  18. Shitty study by evel+aka+matt · · Score: 4, Informative

    I was at Defcon this year (like always), and the people conducting this study were essentially paid per response, which I'm sure is quite common. We were standing on the Riv steps, during one of our many cigarette breaks, and some girl came up and asked us to do her survey.

    Us: "This question doesn't really make sense."
    Her: "Just check any box, I need to get them all filled."

    And that's basically how it went. The question/answers seemed a little silly, and there were a lot of excluded middles. The surveyors knew nothing of the questions, and were just trying to get out of there (can't blame 'em). The answer space was a checkbox, and if you saw it, you'd see how easy it'd be to just fill out the rest of the boxes with similar answers if you wanted to go home.