Hackers suck

[Meaker]

About 25% rebuilding the network of a company that seems to be made up of decent people. I was just going to help out cover their desk but noooo sucky people have to suck. No time for me to play elden ring now 😞

[solidus1983]

Ouch, Network rebuilds are a pain at best, nice to see you back though bud!

 

Might be time to let them sucky people go.

[Meaker]

At least at the end they are going to have a much hardened network (not just perimeter firewall but internal separation too), better AD structure and group policies along with azure machine deployments and MFA.

 

Should hopefully avoid it happening again.

[Reciever]

no chance at it being a nefarious actor in that company?

 

[Meaker]

Nah, known group.

[solidus1983]

With it being a known group, i take it is a full intrusion of the network? or are they simply DDOS'ing the hell out of it?

 

The thing is you can go all in and fancy with security however the one thing you can't upgrade is the weakest part of the link.

Its one reason why i am now reverse proxying alot of my services now as the more ports opened on router/firewall the bigger the target is for getting attacked.

 

The fact your using AD and Azure means your above my pay grade and have better knowledge of networking then me for sure.

But if it was me and it was a known threat actor i would troll the hell out of the them with an SSH terminal that would take years to fully load.

 

Might be wise to put a honey pot on the network too.

[Meaker]

On 4/7/2022 at 1:46 AM, solidus1983 said:

With it being a known group, i take it is a full intrusion of the network? or are they simply DDOS'ing the hell out of it?

 

The thing is you can go all in and fancy with security however the one thing you can't upgrade is the weakest part of the link.

Its one reason why i am now reverse proxying alot of my services now as the more ports opened on router/firewall the bigger the target is for getting attacked.

 

The fact your using AD and Azure means your above my pay grade and have better knowledge of networking then me for sure.

But if it was me and it was a known threat actor i would troll the hell out of the them with an SSH terminal that would take years to fully load.

 

Might be wise to put a honey pot on the network too.

 

It was an intrusion, they even got into the hosts and datastores.

 

What you can do is limit access and damage if someone is compromised. Sure maybe a file share gets hit but with secure documentation and an internal firewall (not just a perimeter firewall) you can separate machines on the network properly and just restore from a backup if someone is compromised.

Things like MFA (multi factor authentication) will also help stop that in the first place.

 

It's a bit of a pain in the ass to set up and get it all right, and takes a bit more work for say Devs who want to run a new app but it's way better than rebuilding the network from almost scratch.

[solidus1983]

18 hours ago, Meaker said:

 

It was an intrusion, they even got into the hosts and datastores.

 

What you can do is limit access and damage if someone is compromised. Sure maybe a file share gets hit but with secure documentation and an internal firewall (not just a perimeter firewall) you can separate machines on the network properly and just restore from a backup if someone is compromised.

Things like MFA (multi factor authentication) will also help stop that in the first place.

 

It's a bit of a pain in the ass to set up and get it all right, and takes a bit more work for say Devs who want to run a new app but it's way better than rebuilding the network from almost scratch.

 

That does sound like a right nightmare, totally agree with how your working on a solution for it though. Yep Dev's might complain however Data security is and should be paramount. 

 

I take it your also going down the vlan route too to isolate the network futher with firewalls on top. It something i have done for my Private and Guest Networks using vlan's to split them and then using the firewall to then make sure they can't communicate between networks or in case of the guest network no even the clients connected to it. Which reminds me i still have the IOT stuff to get ready for complete isolation as well. 

 

As for your backup point, that only really works if said backup is offsite and also doesn't get compromised.

[Meaker]

6 hours ago, solidus1983 said:

 

That does sound like a right nightmare, totally agree with how your working on a solution for it though. Yep Dev's might complain however Data security is and should be paramount. 

 

I take it your also going down the vlan route too to isolate the network futher with firewalls on top. It something i have done for my Private and Guest Networks using vlan's to split them and then using the firewall to then make sure they can't communicate between networks or in case of the guest network no even the clients connected to it. Which reminds me i still have the IOT stuff to get ready for complete isolation as well. 

 

As for your backup point, that only really works if said backup is offsite and also doesn't get compromised.

 

Their final step is off site tape backups and a physical backup server that's going to be nicely isolated too. VLAN assignments are part of having an internal firewall and segmenting the network, so yep that's being locked down too.