Re: Stable not in the stable
I remember a guy running an ancient server for which updates were no longer available. He was adamant that it was secure as it wasn't public facing. It sat behind a firewall all of its own on the LAN. It had its very own DMZ. The corporate firewall did not know a route to the server. It was safe. He said.
Now this seemed quite an expensive solution to me. A hefty firewall and its attendant licensing wasn't cheap and of course the licences were a recurring expense. I asked how much it would cost to update the software to run on a newer OS. He wasn't interested. He had his solution. It was safe. He said.
The firewall rules protected the server he said. Only clients on the LAN could access the server. He said. And that much was actually true.
However one day all hell broke loose. Somebody who took their laptop home suffered a zero day attack. Except it wasn't apparent. Working from home on an ADSL connection the laptop's quest to find and attack other devices on the network was not apparent. In the office however at LAN speeds the laptop's owner experienced a terrible performance hit. As did other people whose laptops and desktops got hit. The LAN switches were lit up like a Christmas tree. Some smart arse spotted this was likely malware and started to pull the power cables on switches. It wasn't until the IT manager had finished fixing laptops and desktops with some newly updated AV software the following day that he bothered to look at the server. He didn't bother looking at the server because it was safe. He said.
It wasn't. One of the attack vectors of the malware was a common port that was open on the firewall. The laptops and desktops were up to date as of last month. The IPS signatures on the corporate firewall were up to date so the malware couldn't get out to the internet from that. It couldn't even have got in from the internet, but if somebody brought an unedited device into the office all bets were off. The software on that server was years out of date. The malware tore it a new one and so on day two of dealing with the infection our hero discovered that the system was no longer accessible. It wouldn't even boot.
There's safe and secure and then there's safe and secure.