Showing results for tags 'critical network security'.

Found 1 result

  1. So on the 13th there was an announcement that Solar Winds's code itself had been compromised. This is posted in the Military Current Events because this is FAR worse than the OPM breach of more than 4 years ago. This means that malign third parties thus have root-level access of networks of thousands of US companies AND Government networks. They have had this access since around April of this year. This is in this CERT announcement: Emergency Directive 21-01, https://cyber.dhs.gov/ed/21-01/

     This is VERY Bad. Solar Winds, as a software package that runs on a server one places inside one's network, is able to crawl one's networking devices so as to generate topological maps of your network architecture. I've used Solar Winds derived maps for solving networking problems that arise when you have a complex network and poor historical knowledge for various segments. The problem is that the mapping/analytics system needs to have passwords for your environment so as to crawl it and identify what ports are connected to what device. This means that the software effectively has credentials for your network that allow a profuse level of movement through it.

     The malware was inserted into the Solar Winds software at their code repository level, so it was compiled and sent out as part of the normal payload of updates one could apply to one's Solar Winds install instances. This means that it would run as part of Solar Winds, which would be whitelisted from your usual network security scans for malicious activity across your network. Interestingly, FireEye was who caught this and their platform managed to catch the data payload.

     The product list gives one an idea of what sorts of systems may have been compromised by this rather large breach. From the Solar Winds Security advisory: https://www.solarwinds.com/securityadvisory