It’s another roundup of discussions happening this week on the MSP subreddit.
Okay, this is a long one. But when you’re talking about a culture shift around security, it warrants a lengthy post if others can benefit from it. And in this case, it looks like they can. The Redditor behind the post spelled out the problem: How do you allow legitimate Agent N <> Central traffic, but limit exposure of your login pages from the public internet?
“If you read the N-Central support literature, they say you need at a minimum TCP ports open: 22, 80, 443, 10000. We were never comfortable with that and after seeing a Solarwinds support engineer defeat our MFA with a single SQL update command over SSH – our fears were validated.
“Our goal was to transition from this culture of ‘just allow everything – it’ll all be fine’ that vendors insist upon to ‘what is absolutely required and let’s just allow that.'”
This step by step guide for adding a suit of armour around your login pages is a good example of “the rising tide lifts all boats”.
The Maze ransomware is at it again, this time targeting one of the largest tech and consulting firms in the Fortune 500 – Cognizant. The Maze operators denied responsibility for the cyber attack, according to BleepingComputer.