Companies use significant resources to secure their production systems. The security of the backup elements of the same infrastructure, especially the backup files, is overlooked. This lack of security can be an excellent opportunity for an attacker.

Example scenario:

One of Shortinfosec Democorp's branch office Domain Controllers has failed. A support expert is invited to assist, and he suggests installing a new server and restoring the DC from a system state backup of the failed one, thus retaining the SID of the old DC and the other special configurations that have been implemented. The backup is kept at head office and is sent on a CD via courier.

The CD is received, restored to the new server, and everything is good as new.

Two days later, a hacker attacks Shortinfosec Democorp. The investigation concludes that the attacker used a domain user name and password to enter the computer system. The investigation concludes that the only possible breach of security was during the transport of the System State CD via courier.

Analysis:

The attacker has infiltrated the courier company used by Shortinfosec Democorp, and paid the courier to make a copy of all CDs that are transited for Democorp. This can be performed even more easily if the CDs are sent via public mail, where a large number of personnel have access to sent material.

From the copy of the System State, the attacker recreated multiple clones of the domain controller in a VMware lab environment, and performed the following attacks in parallel:

Conclusions and recommendations:

A good attacker is the one you have to be most wary about. Such an attacker will use any method to collect information, including media theft.
Spirovski Bozidar, CISSP, MCSA
Spirovski Bozidar is an ICT and security expert. Mr. Spirovski has worked in information management and security since 1999. His professional experience includes Head of Systems and Security of an ISP and Senior Solution Designer within an Incumbent Telco Operator. Bozidar currently holds the position of Chief Information Security Officer for a bank, member of a large multinational group.
He has been involved as a guest speaker in a multitude of international conferences on information systems in CEE, covering the subjects of Personal Data protection and EU regulations, Risk Analysis and Business Continuity and Reliable Data hosting.
He is the author of the ShortInfosec Portal (http://www.shortinfosec.net)

Posted by: Dave
Date: Friday, December 4, 2009
Categories: File Backup
Tags: Backup, Media, Securing, Steps, Transport