I enjoy this business so much because of the wonderful diversity it provides me in terms of issues, problems and successes. The latest is the fact that the firewall at our corporate headquarters has been the subject of a number of attacks by some unfriendly person.
These attempts to break into corporate networks happen millions of times daily around the world, which is why businesses need to be on top of their security strategy. What interested me here was the fact that this was the same attack coming from a number of different places around the world.
The sources were in China, the USA, Poland, Australia and a couple of other countries whose names escape me. The same common username and password combinations were used each time from each different source (lesson here – never use “admin” and “password”) .
Of course the same individual or organisation is almost certainly involved in all of them. That person will have systematically hacked into a certain type of server whose operating system and security patches has not been kept up to date. It is likely a company server hosted at a datacentre somewhere.
Our course of action, if the attack persists, is to look up the owner of the IP address from which the attack is coming and ring the business up to let them know they have a problem. In the case of the Chinese source we send them an email – only because they will almost certainly be in bed. 🙂 Usually this sorts the problem out and indeed the recent spate of attempted break ins has abated. No doubt there will be more.
We know what to do in these cases but it is a lot to ask of a business that is not and ISP or doesn’t have a highly skilled IT department, which is why it very often makes sense to outsource your security management.