[Info-vax] Now you have way more things to worry about
Arne Vajhøj
arne at vajhoej.dk
Sat Jul 22 09:23:19 EDT 2023
On 7/22/2023 3:58 AM, Tholen wrote:
> When customers outsource their Windows admin responsibilities to India,
> Brazil, or the Philippines, they should expect that sort of thing.
>
> Windows isn't all that bad. If you perform due diligence and hardening
> as you're supposed to, it's pretty solid, resistant even. Ransomware
> exploits succeed because somebody screwed up, gave in to an internal
> customer, and didn't do it.
>
> The other major vulnerability is the design of the management network
> that permits these remote admins into the environments where they
> perform their tasks. Some of them are absolutely horrendous and provide
> complete direct access from an offshore location. That should never
> ever be permitted.
Remote system administration (system management in traditional VMS
terminology) is a requirement today.
Servers are in cloud facilities, colocation data centers,
centralized data centers etc..
It is not possible to have people in the computer room.
And remote access is remote access - there is no difference
between 10 miles and 10000 miles.
Arne
More information about the Info-vax
mailing list