South Korean Firm Pays Massive Ransom
-
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
Treating Windows like a production level system changes things significantly. Just so many people running it don't
I know many Windows admins who think all they have to do is deploy MS patches and they are safe. It is quite comical, really. They dont patch 3rd party with any centralized tool and they don't run vuln scans on their servers. As long as their MS patches are up to date, it is smooth sailing. Who cares if you have Adobe Reader 8 on your server as long as you have MS patches
-
@IRJ I'm working to get a proper security assessment of everything in my org.
I'm also drafting my own documentation on how things are setup, and what is what. So no I don't run security audits of the items on premise, but wish I could / do.
-
@DustinB3403 said in South Korean Firm Pays Massive Ransom:
@IRJ I'm working to get a proper security assessment of everything in my org.
I'm also drafting my own documentation on how things are setup, and what is what. So no I don't run security audits of the items on premise, but wish I could / do.
I can give you some advice on getting started if you'd like. All free , opensource tools
-
@IRJ Sure, lets create a new topic though
-
@IRJ said in South Korean Firm Pays Massive Ransom:
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
Treating Windows like a production level system changes things significantly. Just so many people running it don't
I know many Windows admins who think all they have to do is deploy MS patches and they are safe.
I know tons that feel that all they have to do is AVOID patching Windows and they'll be safe. How many people have argued with me that the risk of patching and keeping systems up to date is worse than the threat of malware and hacking! I've literally been told this, over and over again! So many Windows Admins fear Windows itself more than they fear anything else.
-
@IRJ said in South Korean Firm Pays Massive Ransom:
No there isn't as many vulnerabilities found, and from an attacker point of view who cares if they get in because of the OS or because of an IIS flaw or Adobe Reader flaw.
Well we do. If we are running our own systems, selecting our own software, etc. we certainly care if the issue is that Windows is insecure, or if something we don't run but lots of other people do on Windows is insecure or if the issue is just that other Windows Admins do insecure things. Yes, there is an association, people running Adobe are way more likely to be doing so on Windows than on Linux, granted. But to say Windows is vulnerable requires causality, not correlation. It's not windows making it vulnerable, it's Adobe.
By that logic, we'd also say that all people who deploy Windows are vulnerable (which is more true than anything else) and that companies willing to run on Windows are inherently insecure and so forth.
Windows might not match Linux in security, but it is really good on its own. That it is almost always used by people who can't figured out security or the need for it doesn't influence what is good for us.
Example - Ferraris are one of the safest cars in the world, yet Ferrari drivers have terrible accidents all of the time because rich kids drive them like idiots. As a car buyer, that other people who drive badly often buy Ferraris does not tell me that a Ferrari is more dangerous for me. The purchasing of the Ferrari does not make me a bad driver.
Same here, if you are a secure admin, using windows will work just fine for you. If you are an insecure one, Linux won't work for you either... but for other reasons, chances are, you won't deploy Linux, only Windows.
Summary: Insecure people choose Windows, Windows doesn't make people insecure.
-
The thing I like about Windows 10 is that it does a better job at forcing users or at least home users to update. Unlike Windows XP because we all know back then users hardly pay attention to updates. Heck I still she that happens even with 7 and 8 a lot.
-
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
@IRJ said in South Korean Firm Pays Massive Ransom:
No there isn't as many vulnerabilities found, and from an attacker point of view who cares if they get in because of the OS or because of an IIS flaw or Adobe Reader flaw.
Well we do. If we are running our own systems, selecting our own software, etc. we certainly care if the issue is that Windows is insecure, or if something we don't run but lots of other people do on Windows is insecure or if the issue is just that other Windows Admins do insecure things. Yes, there is an association, people running Adobe are way more likely to be doing so on Windows than on Linux, granted. But to say Windows is vulnerable requires causality, not correlation. It's not windows making it vulnerable, it's Adobe.
By that logic, we'd also say that all people who deploy Windows are vulnerable (which is more true than anything else) and that companies willing to run on Windows are inherently insecure and so forth.
Windows might not match Linux in security, but it is really good on its own. That it is almost always used by people who can't figured out security or the need for it doesn't influence what is good for us.
Example - Ferraris are one of the safest cars in the world, yet Ferrari drivers have terrible accidents all of the time because rich kids drive them like idiots. As a car buyer, that other people who drive badly often buy Ferraris does not tell me that a Ferrari is more dangerous for me. The purchasing of the Ferrari does not make me a bad driver.
Same here, if you are a secure admin, using windows will work just fine for you. If you are an insecure one, Linux won't work for you either... but for other reasons, chances are, you won't deploy Linux, only Windows.
Summary: Insecure people choose Windows, Windows doesn't make people insecure.
Yes, this was the point I was trying to make... but you said it so much better.
-
Besides not patching, I've seen Windows environments where the firewall is turned off or allowing all incoming traffic.
Home users using a 3rd party paid security software and not keeping up with subscription. Not sure why would anyone use 3rd party when Windows 10 provides a good one that is always available and up to date. That's including Server 2016 too.
-
@black3dynamite said in South Korean Firm Pays Massive Ransom:
Besides not patching, I've seen Windows environments where the firewall is turned off or allowing all incoming traffic.
That's big too. So many people don't trust Microsoft's defaults. They disable nearly all the security that they can find.
-
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
@IRJ said in South Korean Firm Pays Massive Ransom:
No there isn't as many vulnerabilities found, and from an attacker point of view who cares if they get in because of the OS or because of an IIS flaw or Adobe Reader flaw.
Well we do. If we are running our own systems, selecting our own software, etc. we certainly care if the issue is that Windows is insecure, or if something we don't run but lots of other people do on Windows is insecure or if the issue is just that other Windows Admins do insecure things. Yes, there is an association, people running Adobe are way more likely to be doing so on Windows than on Linux, granted. But to say Windows is vulnerable requires causality, not correlation. It's not windows making it vulnerable, it's Adobe.
By that logic, we'd also say that all people who deploy Windows are vulnerable (which is more true than anything else) and that companies willing to run on Windows are inherently insecure and so forth.
Windows might not match Linux in security, but it is really good on its own. That it is almost always used by people who can't figured out security or the need for it doesn't influence what is good for us.
Example - Ferraris are one of the safest cars in the world, yet Ferrari drivers have terrible accidents all of the time because rich kids drive them like idiots. As a car buyer, that other people who drive badly often buy Ferraris does not tell me that a Ferrari is more dangerous for me. The purchasing of the Ferrari does not make me a bad driver.
Same here, if you are a secure admin, using windows will work just fine for you. If you are an insecure one, Linux won't work for you either... but for other reasons, chances are, you won't deploy Linux, only Windows.
Summary: Insecure people choose Windows, Windows doesn't make people insecure.
Well the Windows OS itself is less secure by far. So there is also that...
-
@IRJ said in South Korean Firm Pays Massive Ransom:
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
@IRJ said in South Korean Firm Pays Massive Ransom:
No there isn't as many vulnerabilities found, and from an attacker point of view who cares if they get in because of the OS or because of an IIS flaw or Adobe Reader flaw.
Well we do. If we are running our own systems, selecting our own software, etc. we certainly care if the issue is that Windows is insecure, or if something we don't run but lots of other people do on Windows is insecure or if the issue is just that other Windows Admins do insecure things. Yes, there is an association, people running Adobe are way more likely to be doing so on Windows than on Linux, granted. But to say Windows is vulnerable requires causality, not correlation. It's not windows making it vulnerable, it's Adobe.
By that logic, we'd also say that all people who deploy Windows are vulnerable (which is more true than anything else) and that companies willing to run on Windows are inherently insecure and so forth.
Windows might not match Linux in security, but it is really good on its own. That it is almost always used by people who can't figured out security or the need for it doesn't influence what is good for us.
Example - Ferraris are one of the safest cars in the world, yet Ferrari drivers have terrible accidents all of the time because rich kids drive them like idiots. As a car buyer, that other people who drive badly often buy Ferraris does not tell me that a Ferrari is more dangerous for me. The purchasing of the Ferrari does not make me a bad driver.
Same here, if you are a secure admin, using windows will work just fine for you. If you are an insecure one, Linux won't work for you either... but for other reasons, chances are, you won't deploy Linux, only Windows.
Summary: Insecure people choose Windows, Windows doesn't make people insecure.
Well the Windows OS itself is less secure by far. So there is also that...
Which ones are we comparing? I agree, Windows 95 is much less secure than CentOS 7.
-
@Tim_G said in South Korean Firm Pays Massive Ransom:
@IRJ said in South Korean Firm Pays Massive Ransom:
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
@IRJ said in South Korean Firm Pays Massive Ransom:
No there isn't as many vulnerabilities found, and from an attacker point of view who cares if they get in because of the OS or because of an IIS flaw or Adobe Reader flaw.
Well we do. If we are running our own systems, selecting our own software, etc. we certainly care if the issue is that Windows is insecure, or if something we don't run but lots of other people do on Windows is insecure or if the issue is just that other Windows Admins do insecure things. Yes, there is an association, people running Adobe are way more likely to be doing so on Windows than on Linux, granted. But to say Windows is vulnerable requires causality, not correlation. It's not windows making it vulnerable, it's Adobe.
By that logic, we'd also say that all people who deploy Windows are vulnerable (which is more true than anything else) and that companies willing to run on Windows are inherently insecure and so forth.
Windows might not match Linux in security, but it is really good on its own. That it is almost always used by people who can't figured out security or the need for it doesn't influence what is good for us.
Example - Ferraris are one of the safest cars in the world, yet Ferrari drivers have terrible accidents all of the time because rich kids drive them like idiots. As a car buyer, that other people who drive badly often buy Ferraris does not tell me that a Ferrari is more dangerous for me. The purchasing of the Ferrari does not make me a bad driver.
Same here, if you are a secure admin, using windows will work just fine for you. If you are an insecure one, Linux won't work for you either... but for other reasons, chances are, you won't deploy Linux, only Windows.
Summary: Insecure people choose Windows, Windows doesn't make people insecure.
Well the Windows OS itself is less secure by far. So there is also that...
Which ones are we comparing? I agree, Windows 95 is much less secure than CentOS 7.
That's actually DOS as the OS. And DOS might actually be decently secure
-
Mostly because... there was nothing to secure, ha ha.
J/K the lack of users was pretty insecure.
-
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
@Tim_G said in South Korean Firm Pays Massive Ransom:
@IRJ said in South Korean Firm Pays Massive Ransom:
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
@IRJ said in South Korean Firm Pays Massive Ransom:
No there isn't as many vulnerabilities found, and from an attacker point of view who cares if they get in because of the OS or because of an IIS flaw or Adobe Reader flaw.
Well we do. If we are running our own systems, selecting our own software, etc. we certainly care if the issue is that Windows is insecure, or if something we don't run but lots of other people do on Windows is insecure or if the issue is just that other Windows Admins do insecure things. Yes, there is an association, people running Adobe are way more likely to be doing so on Windows than on Linux, granted. But to say Windows is vulnerable requires causality, not correlation. It's not windows making it vulnerable, it's Adobe.
By that logic, we'd also say that all people who deploy Windows are vulnerable (which is more true than anything else) and that companies willing to run on Windows are inherently insecure and so forth.
Windows might not match Linux in security, but it is really good on its own. That it is almost always used by people who can't figured out security or the need for it doesn't influence what is good for us.
Example - Ferraris are one of the safest cars in the world, yet Ferrari drivers have terrible accidents all of the time because rich kids drive them like idiots. As a car buyer, that other people who drive badly often buy Ferraris does not tell me that a Ferrari is more dangerous for me. The purchasing of the Ferrari does not make me a bad driver.
Same here, if you are a secure admin, using windows will work just fine for you. If you are an insecure one, Linux won't work for you either... but for other reasons, chances are, you won't deploy Linux, only Windows.
Summary: Insecure people choose Windows, Windows doesn't make people insecure.
Well the Windows OS itself is less secure by far. So there is also that...
Which ones are we comparing? I agree, Windows 95 is much less secure than CentOS 7.
That's actually DOS as the OS. And DOS might actually be decently secure
Fine... DOS in Win95 GUI is much less secure than CentOS 7.
-
@Tim_G said in South Korean Firm Pays Massive Ransom:
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
@Tim_G said in South Korean Firm Pays Massive Ransom:
@IRJ said in South Korean Firm Pays Massive Ransom:
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
@IRJ said in South Korean Firm Pays Massive Ransom:
No there isn't as many vulnerabilities found, and from an attacker point of view who cares if they get in because of the OS or because of an IIS flaw or Adobe Reader flaw.
Well we do. If we are running our own systems, selecting our own software, etc. we certainly care if the issue is that Windows is insecure, or if something we don't run but lots of other people do on Windows is insecure or if the issue is just that other Windows Admins do insecure things. Yes, there is an association, people running Adobe are way more likely to be doing so on Windows than on Linux, granted. But to say Windows is vulnerable requires causality, not correlation. It's not windows making it vulnerable, it's Adobe.
By that logic, we'd also say that all people who deploy Windows are vulnerable (which is more true than anything else) and that companies willing to run on Windows are inherently insecure and so forth.
Windows might not match Linux in security, but it is really good on its own. That it is almost always used by people who can't figured out security or the need for it doesn't influence what is good for us.
Example - Ferraris are one of the safest cars in the world, yet Ferrari drivers have terrible accidents all of the time because rich kids drive them like idiots. As a car buyer, that other people who drive badly often buy Ferraris does not tell me that a Ferrari is more dangerous for me. The purchasing of the Ferrari does not make me a bad driver.
Same here, if you are a secure admin, using windows will work just fine for you. If you are an insecure one, Linux won't work for you either... but for other reasons, chances are, you won't deploy Linux, only Windows.
Summary: Insecure people choose Windows, Windows doesn't make people insecure.
Well the Windows OS itself is less secure by far. So there is also that...
Which ones are we comparing? I agree, Windows 95 is much less secure than CentOS 7.
That's actually DOS as the OS. And DOS might actually be decently secure
Fine... DOS in Win95 GUI is much less secure than CentOS 7.
Believe what you want, but I see this stuff everyday. Run your own scans and see for yourself.
-
Which Linux distros are you using in the example? Just CentOS / RHEL? Are you looking at several? That RHEL and Suse are super secure I have little doubt. Get much beyond that and anything might happen.
-
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
Which Linux distros are you using in the example? Just CentOS / RHEL? Are you looking at several? That RHEL and Suse are super secure I have little doubt. Get much beyond that and anything might happen.
Mostly CentOS / RHEL, but I have quite a few Ubuntu severs as well.
-
@IRJ said in South Korean Firm Pays Massive Ransom:
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
Which Linux distros are you using in the example? Just CentOS / RHEL? Are you looking at several? That RHEL and Suse are super secure I have little doubt. Get much beyond that and anything might happen.
Mostly CentOS / RHEL, but I have quite a few Ubuntu severs as well.
Any noticeable difference between those two?
-
@scottalanmiller said in South Korean Firm Pays Massive Ransom:
Which Linux distros are you using in the example? Just CentOS / RHEL? Are you looking at several? That RHEL and Suse are super secure I have little doubt. Get much beyond that and anything might happen.
And you can lock them down even more. SCAP really is a great tool. It will let you know a lot about your system. A lot of things that are trivial to implement that harden the systems more than you would normally. Creates some nice little HTML reports for your systems too.
