[funsec] Border Security System Left Open
nick at virus-l.demon.co.uk
Thu Apr 13 20:32:41 CDT 2006
> A computer failure that hobbled border-screening systems at airports
> across the country last August occurred after Homeland Security officials
> deliberately held back a security patch that would have protected the
> sensitive computers from a virus then sweeping the internet, according to
> documents obtained by Wired News.
One has to question whether the folk running these systems even have
the _minimal_ competence for doing their job.
Why are "sensitive" systems such as these on networks where they _can_
be exposed to network-spreading malware or [D]DoS attacks?
If they "must" (for god-only-knows-what reason) attach these machines
to public sewer networks, then why are they running an OS that is so
commonly (and trivially) exposed to such outages?
If they weren't connected to the Internet (which one would expect they
weren't) then why weren't such "sensitive" systems attached to a
properly fortified and locked down network? One that only DHCPs for
known MAC addresses or at least one that puts "unknown" MACs in their
own, heavily restricted, VLAN?? [I won't name the European airport but
I found free Ethernet access via its administrative network from an
Ethernet jack in a public area in the last year. You half expect this
for WiFi, but for Ethernet??]
And, even if they "must" (for god-only-knows-what reason) run Windows,
why are they not running the systems the dumbest of their dumb users
(in terms of "PC smarts" and the level of OS access necessary to do
their jobs) not running some extra-hardened, ultra-locked-down, least-
privileges configuration to totally minimize any possibility of
something like Zotob affecting them? Especially given that they
clearly were NOT taking other "reasonable, best practice" precautions
as suggested above?
More information about the funsec