The Fallacy of Internal Access Only

In the wake of Shell Shock, I’ve seen some vendor advisories indicate that while their product is vulnerable, it’s only through the management interface but everything is okay because if best practices have been followed, the management interface isn’t/hasn’t been exposed to the Internet.

No, everything is not okay. If best practices have been followed, then management interfaces have been locked down to particular IP addresses and not all internal IPs. However, this is still not a guarantee that everything is okay.

With the prevalence of phishing attacks to get a foot inside the network, and the relative success of those attacks, that means you can expect an attack from the inside at some point. Gone are the days where we honestly felt we could keep the bad guys out. Now we know they will get in and it’s a matter of detection and remediation. The faster the better. The game has changed from keeping them out to keeping them from getting anything useful. Since that’s the way the game is being played now, responses like what I’ve been seeing are worrisome. They show that the vendors in question don’t understand the change in the game.


2 Comments (+add yours?)

  1. TG
    Oct 07, 2014 @ 10:00:12

    Indeed, we cannot rely on a “crunchy on the outside chewy on the inside” network security model.


  2. Trackback: Slides and Code for SSIG Talk | Databases - Infrastructure - Security

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: