Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
A Lot of Security Purchases Remain Shelfware
Newest First  |  Oldest First  |  Threaded View
dplyons
100%
0%
dplyons,
User Rank: Apprentice
1/21/2015 | 10:04:59 AM
Re: Firewalls installed but not configured correctly, really?
I have known many standard IT Admins.  I would trust very very few of them with maintaining a firewall, let alone researching/implementing proper security policies.
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
1/21/2015 | 8:40:00 AM
Re: Firewalls installed but not configured correctly, really?
Great point about acess rules, @dplyons. But do you really need a security engineer to configure access to corporate systems via a firewall ? Shouldn't your standard IT admin be able to do that? 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 4:08:57 PM
fanciest firewall?
I agree with the article mainly. I like the term fanciest firewall, I hope he was not talking about shape, color and other pretty things about the firewall. :--)) Granted, there are really nice firewalls out there, however as I mentioned in my other post firewall would not be considered a security device in today's environment. We need to go beyond firewalls and start implementing strategies that protects us from the things coming through the firewall.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 4:01:05 PM
Re: Firewalls installed but not configured correctly, really?
I hear you Marilyn and agree. At the same time, with today's high sophisticated tools firewall is not really a security device, nobody is really trying to hack firewall, they are just passing through without any effort.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 3:57:24 PM
Re: Great Insight
Not only that but no ROI, business could not really afford buying a product but no using it in today's limited budget world. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 3:55:07 PM
No skilled IT staff?
 

As article mentioned. the main reason maybe there is no skilled IT staff in hour. Sometime companies do the purchase in rush because of immediate needs and when the pressure goes away next a few months, that creates an illusion that the threats or vulnerabilities disappeared, that basically defines the end of project and puts the software recent bought to shelf.
dplyons
50%
50%
dplyons,
User Rank: Apprentice
1/20/2015 | 10:35:45 AM
Re: Firewalls installed but not configured correctly, really?
Incorrectly configured firewalls are all-too-common.  Too many users/managers/CIO's insisting that things "just work", too few security engineers.  The results are access rules that are far too broad, or simply permitting all traffic.
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
1/20/2015 | 8:39:01 AM
Firewalls installed but not configured correctly, really?
This is quite remarkable.. not to mention data from database monitoring tools that was never seen and a lack of policy for diata leak prevention tools. How common is this, really? Please share!
Daniel Riedel
50%
50%
Daniel Riedel,
User Rank: Author
1/19/2015 | 11:36:30 AM
Great Insight
Thanks for bringing to light this all too common scenario, Jai. Businesses can't expect to see results from security software if it just sits on the shelf. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26333
PUBLISHED: 2021-09-21
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.
CVE-2021-31917
PUBLISHED: 2021-09-21
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and i...
CVE-2021-20829
PUBLISHED: 2021-09-21
Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.
CVE-2021-20037
PUBLISHED: 2021-09-21
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.
CVE-2021-39229
PUBLISHED: 2021-09-20
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack...