A Sense of Security Blog

Network Security Horror Stories

Happy Halloween everybody!

Okay, perhaps it’s not as bone-chilling as American Horror Story, slasher flicks or ghoulish tales, but if you’re responsible for network security and discover some spurious connections on your network … well, your heart might race with fear or panic.

Our customers have had some interesting discoveries on their networks. All names have been changed to protect the innocent (or are they guilty?!!), but here are some real-life network security horror stories:

  1. An American financial services and investment company – one of the world’s biggest – uncovered a network connection to RBN.
  2. In a very large telecommunications corporation, a leak path to China was discovered – which prompted the company to shut down its entire external access for one day until the problem could be remediated.
  3. A national healthcare insurance provider believed their network to be a certain size, but a Lumeta IPsonar scan found three times as many IP addresses as their "known" network contained. Turns out they were completely open to a client's network (a multinational manufacturing company). From that client network, there was a connection to offices in Beijing, and there was also a connection to a US software company's corporate office. It would have been possible for someone to "network hop" all the way from China, through the manufacturing company, through the insurance provider, into the software company's corporate office.
  4. In a few other cases, customers have used Lumeta IPsonar to discover their network and have found unauthorized connections to Eastern European nations, usually through one of Europe's multinational telecommunications corporations.
  5. A leading global industrial manufacturer, prior to acquiring a new company, ran a Lumeta IPsonar scan on that company and found an inbound leak path to the enterprise network … from an executive’s vacation home! A misconfigured cable modem, which had a direct connection back to the corporate network, had both inbound and outbound packets leaking. Granted, this was somewhat of an innocuous connection, but it was an ingress/egress point to the network that could be exploited as part of a cybercrime reconnaissance process.
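The comparison behind story 3, a discovery scan's results reconciled against the address space a team believes it owns, as an added Python example that is not part of the original post and not Lumeta's code; the CIDRs and host addresses are constructed sample data.

```python
import ipaddress
from collections import Counter

# Constructed inventory: the address ranges the team believes make up its network.
KNOWN_CIDRS = ["10.10.0.0/16", "192.168.50.0/24"]

# Constructed list of hosts that answered a discovery scan (not real scan output).
DISCOVERED_HOSTS = [
    "10.10.1.5", "10.10.1.6", "10.10.200.9",     # inside the known space
    "192.168.50.20",                              # inside the known space
    "172.16.8.10", "172.16.8.11", "172.16.8.12",  # reachable, but claimed by nobody
    "172.16.9.1",
    "203.0.113.7",                                # TEST-NET-3, stands in for an external hop
]


def reconcile_discovery(known_cidrs, discovered_hosts):
    """Return (unknown_hosts, unknown_by_subnet).

    unknown_hosts     - discovered addresses that fall outside every known CIDR
    unknown_by_subnet - how many unknown hosts sit in each /24, so a reviewer
                        sees whole foreign subnets rather than scattered addresses
    """
    networks = [ipaddress.ip_network(c, strict=False) for c in known_cidrs]
    unknown = []
    for host in discovered_hosts:
        addr = ipaddress.ip_address(host)
        # An address in a network of the other IP version simply compares False.
        if not any(addr in net for net in networks):
            unknown.append(host)
    by_subnet = Counter(
        str(ipaddress.ip_network(f"{h}/24", strict=False)) for h in unknown
    )
    return unknown, dict(by_subnet)


def unknown_share(known_cidrs, discovered_hosts):
    """Fraction of discovered hosts that nobody in the inventory accounts for."""
    unknown, _ = reconcile_discovery(known_cidrs, discovered_hosts)
    return len(unknown) / len(discovered_hosts) if discovered_hosts else 0.0


if __name__ == "__main__":
    hosts, subnets = reconcile_discovery(KNOWN_CIDRS, DISCOVERED_HOSTS)
    print(f"{len(hosts)} of {len(DISCOVERED_HOSTS)} discovered hosts are outside the inventory")
    for subnet, count in sorted(subnets.items()):
        print(f"  {subnet}: {count} host(s) to investigate")
```

Any subnet in the output is either inventory that was never recorded or a connection the organization does not know it has, and both deserve an owner before the next scan.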

These real-world situations* illustrate the principle that the first step in security is complete visibility of what is connected to your network … all connections (especially those that are unauthorized), devices, and potential leak paths. Only then can you work to prevent cyber-attacks.

So, while it’s a good idea to keep a keen eye out for any Jasons, Freddys or Chuckys of the horror world, it’s also quite prudent to be aware of everything and everyone that is connecting to your network.
*Good news … they’ve all since been remediated.