[Info-vax] What to do with my VAX.....
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Nov 20 12:18:48 EST 2020
On 2020-11-20 16:55:11 +0000, Phillip Helbig (undress to reply said:
> In article <rp8pku$8em$1 at dont-email.me>, Stephen Hoffman
> <seaohveh at hoffmanlabs.invalid> writes:
>
>> Not interesting for botnets, sure. But OpenVMS servers are absolutely
>> targets. Some are big ones.
>>
>> Various OpenVMS systems have a whole lot of money flowing through them,
>> can and do contain credit card information, and other sensitive data.
>>
>> These servers include large-scale order and payment processing and
>> stocking apps, banking and investments servers, stock market services,
>> and suchlike.
>
> And usually (always?) not connected to the internet. That doesn't mean
> that no unauthorized access is possible, but if it is, then there are
> probably much bigger problems.

At present, just shy of 1300 OpenVMS servers are directly connected to
the internet, among those that are connected and not otherwise masking
their identities.

Some of those OpenVMS servers are running in AWS, too. Those are likely
running under emulation.

The above server population info is publicly available.

Other OpenVMS servers are directly connected but not running services
that can be fingerprinted, and others are not directly connected.

And multi-step and indirect security attacks on networks are the norm,
and not at all unusual.

Indirect access applies to OpenVMS too, some of which was described in
the previous posting but was omitted from the quoted text. That text,
reposted here:

>> Not only are these OpenVMS servers targets, so too is VSI itself and
>> individually those people associated with VSI, as too are the various
>> OpenVMS-related freeware sites.

TL;DR:

Exploit markets and exploit usage differ for mass-deployed clients,
and for isolated and higher-value servers.

For those running OpenVMS in production, patch to current, and
implement monitoring and telemetry for security-relevant events and
activities. Preferably with the collected data remotely logged.

Review the security of your apps and server configurations and your
processes, as well.

--
Pure Personal Opinion | HoffmanLabs LLC