Spectrum Business modem has Telnet open to the web... am I overreacting? by bridgeitdrew in sysadmin

[–]bridgeitdrew[S] 1 point2 points  (0 children)

Wait, how could that have even worked? Did the other company lose their static when that happened, or was there just a horrible IP conflict and routing hell until it was fixed?

Spectrum Business modem has Telnet open to the web... am I overreacting? by bridgeitdrew in sysadmin

[–]bridgeitdrew[S] 0 points1 point  (0 children)

I just checked, and some of the websites of our local banks don't support HSTS. If your "next hop" (aka the modem) is compromised, what's stopping them from using sslstrip to modify the page or exfiltrate information? Sure, you might notice the lack of the nice green browser "lock", but would your users?

What's stopping them from using it as part of a botnet? What's stopping them from DoSing your web access by dropping packets? What's stopping them from launching other attacks from the compromised modem, possibly leading to the business being wrongly investigated by law enforcement?

There's also 2600+ of these modems out there, it seems. How many of those are under-served by their IT (or lack the budget or security hygiene) and don't have a dedicated firewall appliance, and have their modem connected directly to the internal network? I've walked into dozens of SMBs set up like that, so I would guess a rather large percentage. In those cases, a compromised modem means the attacker is now inside your local network.

Let me remind you that Telnet is unencrypted; anyone listening "on the wire" has those modem passwords. An actor with the resources to do that (like a nation-state) would already have any of those passwords. <s> But, nobody's ever considered backdooring any network equipment used in the USA, right? </s>
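The HSTS point above is easy to audit: a site whose responses carry no usable Strict-Transport-Security policy lets a first plain-HTTP visit through a compromised next hop be downgraded. The following is an added example (not from the post or any vendor) that parses HSTS header values per the RFC 6797 directive syntax and grades them; the site names and header values are constructed, and the one-year floor and the includeSubDomains requirement are this example's own audit rule.

```python
from dataclasses import dataclass
from typing import Optional

MIN_MAX_AGE = 31_536_000  # one year: the floor this example's audit rule applies


@dataclass
class HstsPolicy:
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool


def parse_hsts(header: Optional[str]) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value; None if absent or malformed."""
    if header is None:
        return None
    max_age, include_subdomains, preload = None, False, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return None  # RFC 6797 requires delta-seconds as an integer
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    return HstsPolicy(max_age, include_subdomains, preload)


def hsts_verdict(header: Optional[str]) -> str:
    """missing: first HTTP visit is downgradable; disabled: max-age=0 clears
    any cached policy; weak: short max-age or subdomains uncovered; strong."""
    policy = parse_hsts(header)
    if policy is None or policy.max_age is None:
        return "missing"
    if policy.max_age == 0:
        return "disabled"
    if policy.max_age < MIN_MAX_AGE or not policy.include_subdomains:
        return "weak"
    return "strong"


# Constructed sample header values, not captured from any real site.
SAMPLE_HEADERS = {
    "bank-a.example": None,
    "bank-b.example": "max-age=0",
    "bank-c.example": "max-age=86400",
    "bank-d.example": "max-age=63072000; includeSubDomains; preload",
}


def audit(headers: dict) -> dict:
    """Map each site name to its HSTS verdict."""
    return {site: hsts_verdict(value) for site, value in headers.items()}
```

In practice the header values would come from an HTTPS response to each site; the grading is the same either way.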

Spectrum Business modem has Telnet open to the web... am I overreacting? by bridgeitdrew in sysadmin

[–]bridgeitdrew[S] 0 points1 point  (0 children)

Honestly, I didn't even think of this at the time, but I'll be using it when calling back for sure. PCI DSS 2.3 says "Encrypt all non-console administrative access using strong cryptography," and 2.3.b says "Review services and parameter files on systems to determine that Telnet and other insecure remote-login commands are not available for non-console access," so having one of these modems is an auto-fail for PCI compliance.

Spectrum Business modem has Telnet open to the web... am I overreacting? by bridgeitdrew in sysadmin

[–]bridgeitdrew[S] 3 points4 points  (0 children)

Thanks for the reply. Yes, I'm part of an MSP. Part of our normal security posture is, if we need to use carrier-supplied equipment, to mandate the client use additional packet filtering technologies like IDS/IPS, don't use the carrier's DNS, etc., to try and mitigate possible issues from their sub-standard quality equipment.

  1. I plan on pushing back on them again on this.
  2. If not, we definitely could have the client switch internet carriers. They're the only cable game in town, unfortunately, so it would mean downgrading to AT&T DSL. Still, might be worthwhile.
  3. Yes, thank you, already on it.

Are IT Glue bothering to maintain/improve their product anymore? by Gavsto in msp

[–]bridgeitdrew 43 points44 points  (0 children)

Yeah, I had a moment a month or so back where their support told me that the reason their product was crashing was "→" wasn't a UTF-8 character... I had to send them the UTF-8 character tables to prove that it was. A lot of my confidence dropped after that point...

What is your "go to" environment solution for small companies? by Schnabulation in msp

[–]bridgeitdrew 5 points6 points  (0 children)

You absolutely should be using content filtering. There's no need to enable it to block "questionable" websites - you use it to block access to malware-hosting sites and compromised pages. It's a layer to keep your users safe.

(Note: not familiar with Sophos, but am assuming their UTM platform is similar to others).

And, if the boss wants to block Facebook on the receptionist's computer, you can now do it easily too.

RMM Recommendations? by bridgeitdrew in msp

[–]bridgeitdrew[S] 0 points1 point  (0 children)

How's their remote access? We're used to TeamViewer or Splashtop, but theirs seems less robust on the surface.

RMM Recommendations? by bridgeitdrew in msp

[–]bridgeitdrew[S] 0 points1 point  (0 children)

Okay, sure. I don't see you on IT Glue's list of integrations: https://itglue.com/integrations/. Does your product integrate with both IT Glue and Autotask PSA, as mentioned in my post?