Here’s a rare one from me, some Friday Night blogging! Why are you so lucky as to get this? Because I didn’t have time to do it yesterday!

In speaking with a customer today, I remembered something that many companies (not this customer) are missing when it comes to building secure and compliant environments. It’s really a scope creep issue when you look at it. Unfortunately, a very dangerous one.

What could this mystical threat be? That of core systems. Those systems that provide IT services to the larger server population. Here are a few systems to think about.

  • Domain Controllers
  • Anti-Virus Servers
  • Log Aggregators
  • Patch Management
  • Remote Access
  • Network Monitoring

Why are these a threat? Let’s take a look at the special environments you built for your high security areas. Maybe you have some credit card data, so you have a nice little cardholder enclave. HR lives in their own zone (workstations too) because they have LOTS of protected employee data there. Marketing has a little separate area because they collect customer information for their uses. Seems OK right?

Well, all of those areas might use a common IT infrastructure to function! That means that an unpatched vulnerability in an Anti-Virus server could lead to the disclosure of sensitive data!

Unlikely you say? We’ve investigated breaches where this very thing has happened. Some common server that is relied on or trusted by protected servers is breached, then the bad stuff happens.

The lawyers, the consultants, and the PR daymare (because the worst parts happen during the day, not at night).

My suggestion to combat this is to do one of two things. Either secure those common servers into vaults (and maybe in their own firewall zones), or duplicate the functionality inside each zone of the firewall to reduce the impact that compromising a major infrastructure item would have.

Now, off to enjoy the weekend. See you for more fun next week!

This post originally appeared on BrandenWilliams.com.

Possibly Related Posts:


0