undefined | Better HN

0 pointsspydum11y ago0 comments

typically the infrastructure which is supposed to be "uber sekure" has been well vetted, and is relatively secure.

The problem is, there is almost always some "trivial" system (public web site, severely outdated wordpress blog, or worse) that some poor fool in marketing/product "HAD TO HAVE YESTERDAY". The admins knew it wasn't mission critical, and would only be "temporary". So they spent minimal effort to set it up, skipped over all of the process and security hardening they would do for a proper release, and left it.

Of course, we know what happens: some hacker finds the exploits, then pivots to explore the internal network.

You will find most big enterprise-y shops build networks with hard exteriors, and soft interiors. Very few of their security plans are capable of a threat from inside the network.

0 comments

annnnd11y ago

I was always baffled by the notion of "internal network". Why do so many admins think that it is secure, that the device on it should be trusted more than some random PC on the Internet?

Usually there are PCs and mobile platforms on it, handled by more or less naive users... many of them could be / are turned into unsuspecting adversary to attacks.

One should always treat internal devices as potentially compromised.

j / k navigate · click thread line to collapse