Poor configuration management a common cause of massive data breaches

“Misconfigured server causes massive data breach”.

“Poorly configured networks to blame for data breaches”.

“Incorrectly configured device collected data over a period of several months”.

From the above headlines, it is clear that failure to properly configure your servers, computers and network devices can lead to a wide variety of security problems.

Networks are often reconfigured to accommodate new tasks or users, but when network configurations are changed it’s not difficult to guess the impact that those changes may have. A new configuration could inadvertently introduce risk.

Every device plugged into your network must be configured properly, and network managers have to know how all network devices are configured and secured.

It seems to be an accepted fact that Target didn’t realise there was a third-party system from an HVAC vendor directly connected into its core network when it suffered one of the biggest customer data breaches in history. According to Backbox, if Target had realised that the vendor was connected to its network, it could have prevented the data breach by reverting to the configuration setting before the HVAC vendor connected. Another option could have been to put the vendor’s system on a separate VLAN, had they realised that a security breach had occurred.

Data breaches due to configuration problems are well documented.

In another incident in October 2014, a misconfigured Oracle Reports database server exposed customer account numbers, account balances and other sensitive data of the largest US bond insurer, MBIA.  The leaked data was also indexed on many popular search engines.

ESecurity Planet also reported that misconfigured servers were the cause of a raft of recent data breaches: “In November 2013, approximately 2,000 Chicago Public Schools students’ personal information was exposed when a server was incorrectly configured; in January 2014, EasyDraft, which was processing payments for Bright Horizons Family Solutions, acknowledged that a misconfigured server had been exposing Bright Horizons customers’ names, bank routing numbers and bank account numbers since October 2012; and in May 2014, San Diego State University began notifying 1,050 people that a misconfigured server had exposed their names, Social Security numbers, birthdates and addresses.”

Backbox says that data breaches are often blamed on vulnerabilities due to obsolete technology, but network misconfigurations are more likely to be the cause of such a breach.  Someone could change a firewall setting, unwittingly allowing traffic that would otherwise have been blocked. Incorrect file permissions on a server could also expose data to risk. By regularly backing up network configurations, the IT team can respond quickly to misconfigurations, reverting to secure configurations before any damage can be done.

Research conducted by Opsview in 2013 revealed that one third of companies globally do not back up their network device configurations. Of those that do, 20% of businesses are backing up their configurations manually.

Secure configuration forms the backbone of any intelligent information security programme, and are mandated by most leading standards and frameworks, such as Cyber Essentials. IT Governance offers unique solutions to help you meet the requirements of the Cyber Essentials scheme at a pace and for a budget that suits you.

For the low price of £300, you can now get certified to Cyber Essentials with CyberComply! CyberComply automates the entire application process and includes external vulnerability scans that provide an additional, independent level of verification to confirm your cyber security status.

CyberEssentials-Certification-CREST

Share now…

Share on Twitter Share on Facebook Share on LinkedIn