So, another week, another set of same stuff, different day.
The Reverse Engineering class through the Brakesec Slack is going fantastic. So well, in fact, that an extra week has been added onto it. The videos should be public mid to late December through their YouTube channel, so you might want to check that out.
There are lessons to be learned whenever an employee leaves, especially when that employee holds the majority of the knowledge about the company and its systems and is on major projects. The first is not to force any of those projects through if they are not really ready. The fallout can be painful and can create all sorts of other security issues. Something to remember: never have a single point of failure if at all possible.
Legacy systems are the soft underbelly of all corporations. Red teamers love finding out about them, as they are usually the easiest technical way in (social engineering, I think, still tops the list of easy for them). The other issue they can cause is slowing down the adoption of newer end-user systems that still get patched regularly. The big security tip I have learned from this is that all systems need to have a life cycle put in place from the time they are being planned. Also know, and keep up to date with, what the replacement options are for your systems, as this will help you budget in advance. It will help keep systems in a positive life cycle for patches and connectivity. Too many times over the years have I seen people wait way too long to do those legacy upgrades, and it costs. It costs in having to find a way to make multiple jumps through versions of outdated software to get to the current version, not just in money for the software, but in time and resources to plan and test the upgrades.
That is all I have for this week. Next week there might not be a post with the Thanksgiving holiday here in the U.S.