
So in the middle of armageddon (which in Portland, Oregon means about 1 inch of snow), I am perusing the interwebs looking for signs of life and come across this little nugget about the McCain campaign selling off office equipment and other stuff including Blackberries that had not been erased. http://tinyurl.com/a4dw8t

The reporters realized what they had and actually began to call some of the numbers. If I haven’t said it before, I’ll say it now, security people: over 80 percent of the problems you face are not from the faceless hax0rs trying to get in. They’re from inside your own network: folks who retire old servers without wiping hard drives, sell their Blackberries on eBay without erasing them, or write their passwords on a sticky note and stick it to their monitor.

Your own internal policies may help or hinder some of these efforts… Do you require staff to change their passwords every 60-90 days? Do you require complex passwords? What are your current account lockout settings? Have you adopted a security framework like the Center for Internet Security or ISO27001? Or have you adopted manufacturer standards like the VMware Hardening Guidelines? Any of these things will help you put in place some modicum of security that will allow you to mitigate some of these internal security issues.

Can you imagine if the server someone was retiring was an ESX server and had failed to wipe the drives? You wouldn’t just be giving someone A server…you would be giving them a BUNCH of servers…like Frank Barrone or our very own Gene Kim likes to say…HOLY CR@P!

  • Great advice! One thing I would add is using Splunk to index all of your ESX/VirtualCenter logs along with all of your other IT data. Getting hacked is one thing, but going back to see exactly what happened is just as important. IT forensics ftw!