funsec mailing list archives

Re: Border Security System Left Open


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 14 Apr 2006 13:32:41 +1200

Fergie wrote:

> A computer failure that hobbled border-screening systems at airports
> across the country last August occurred after Homeland Security officials
> deliberately held back a security patch that would have protected the
> sensitive computers from a virus then sweeping the internet, according to
> documents obtained by Wired News.

One has to question whether the folk running these systems even have 
the _minimal_ competence for doing their job.

Why are "sensitive" systems such as these on networks where they _can_ 
be exposed to network-spreading malware or [D]DoS attacks?

If they "must" (for god-only-knows-what reason) attach these machines 
to public sewer networks, then why are they running an OS that is so 
commonly (and trivially) exposed to such outages?

If they weren't connected to the Internet (which one would expect they 
weren't) then why weren't such "sensitive" systems attached to a 
properly fortified and locked down network?  One that only DHCPs for 
known MAC addresses or at least one that puts "unknown" MACs in their 
own, heavily restricted, VLAN??  [I won't name the European airport but 
I found free Ethernet access via its administrative network from an 
Ethernet jack in a public area in the last year.  You half expect this 
for WiFi, but for Ethernet??]

And, even if they "must" (for god-only-knows-what reason) run Windows, 
why are the systems used by the dumbest of their dumb users 
(in terms of "PC smarts" and the level of OS access necessary to do 
their jobs) not running some extra-hardened, ultra-locked-down, 
least-privileges configuration to totally minimize any possibility of 
something like Zotob affecting them?  Especially given that they 
clearly were NOT taking other "reasonable, best practice" precautions 
as suggested above?

Abject incompetence.

Fercrissakes...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

