The Worst Network Security Horror Stories - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

09:29 AM

The Worst Network Security Horror Stories

Think you've had security problems? You ain't heard nothing yet. We asked the pros to tell us some of the worst disasters they've faced. Here's what they told us.

While the company's vulnerability is particularly horrific because it showed a blatant ignorance of the basic principle of network security, some problems are ghosts in the machine. Some are mundane, like the apocryphal web-based company benefits system that is secured by secure sockets layer (SSL), but allows users to click the browser "back" button to see what had been entered in previous forms.

While that kind of bad code can have catastrophic consequences to the bottom line, Peltier notes that, in this age of "networked everything," ill-considered products and network configurations can lead to profoundly disturbing situations. One of the scariest situations he has confronted, involving a petrochemical company's catalytic equipment, could have been a disaster of truly horrific proportions.

The catalyst featured a network link to the manufacturer to permit periodic monitoring and maintenance. While this was certainly a boon to the company – which could count on an extended warranty and periodic upkeep --- the network connection itself was a potential problem that, fortunately, never materialized. "The manufacturer would come in over the network over an unauthenticated telnet system," Peltier recalls. "That's wide open, and you're not just dealing with a security issue if someone decides to change the equipment's operating temperature. This could have been a bomb!"

Ultimately, the bottom line is that, when dealing with their networks, organizations have to know everything. The testing of new systems and equipment is key, but so too is the attitude toward knowledge. Peltier says that the truly knowledgeable network administrator is the person who keeps asking questions. "The moral is that, if you don't know, ask," he says. "And if you don't know what questions to ask, ask someone who does. No one has all the answers, and there's nothing worse than fake knowledge. Ignorance about your systems will jump up and bite you."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 2
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll