BlackHat is just a few days away
Soon I’ll be boarding a plane to Vegas for a week of information overload. This year I am going with a less structured plan of attack. Usually I try to schedule out my time at the conference, committing every waking hour to something…but not this time. I haven’t committed to any sessions, meetings, interviews, parties, nada! I feel less stressed about the week already.
A little story for all of you about a small startup firm I am helping. Usually I don’t share these stories because we have an investment in the company, but this is not the case here. Too many startups are so interested in getting to market that they let everything else fall through the cracks, especially security. These folks needed to get a server that is currently in someone’s home in California shipped out to their Massachusetts office. My involvement was very limited, pretty much just telling them where to plug it in. I can’t help but ask questions though… so my involvement grew.
First basic question was how did they plan on protecting this server since all they had was a public IP address. They hadn’t thought of that. THEY WERE GOING TO PLUG THE SERVER DIRECTLY ONTO THE PUBLIC NETWORK! That kicked off a quick lecture from me on why they need a firewall and general best practices. Next question was whether their internal people needed access to this server and how that was going to be accomplished. Again… they hadn’t thought about that either. They assumed the internal staff would magically have secure access to this server they were connecting only to the public network. I could continue with these basic questions and the lack of answers but you get the idea.
To make the story better, they plan to go live this weekend. The firewall is being delivered today and the server tomorrow. All they will have access to are a few wall jacks that have been preconfigured, one with a public connection and one on a private VLAN. They sublet space, so the in-house IT staff where they work will not be around this weekend to assist with any issues that arise. What if the firewall is DOA? What if it never arrives? What if FedEx doesn’t come through with the Saturday delivery to a closed office? More stellar planning.
Glad it isn’t my server…