Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
A Lot of Security Purchases Remain Shelfware
Newest First  |  Oldest First  |  Threaded View
dplyons
100%
0%
dplyons,
User Rank: Apprentice
1/21/2015 | 10:04:59 AM
Re: Firewalls installed but not configured correctly, really?
I have known many standard IT Admins.  I would trust very very few of them with maintaining a firewall, let alone researching/implementing proper security policies.
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
1/21/2015 | 8:40:00 AM
Re: Firewalls installed but not configured correctly, really?
Great point about acess rules, @dplyons. But do you really need a security engineer to configure access to corporate systems via a firewall ? Shouldn't your standard IT admin be able to do that? 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 4:08:57 PM
fanciest firewall?
I agree with the article mainly. I like the term fanciest firewall, I hope he was not talking about shape, color and other pretty things about the firewall. :--)) Granted, there are really nice firewalls out there, however as I mentioned in my other post firewall would not be considered a security device in today's environment. We need to go beyond firewalls and start implementing strategies that protects us from the things coming through the firewall.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 4:01:05 PM
Re: Firewalls installed but not configured correctly, really?
I hear you Marilyn and agree. At the same time, with today's high sophisticated tools firewall is not really a security device, nobody is really trying to hack firewall, they are just passing through without any effort.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 3:57:24 PM
Re: Great Insight
Not only that but no ROI, business could not really afford buying a product but no using it in today's limited budget world. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 3:55:07 PM
No skilled IT staff?
 

As article mentioned. the main reason maybe there is no skilled IT staff in hour. Sometime companies do the purchase in rush because of immediate needs and when the pressure goes away next a few months, that creates an illusion that the threats or vulnerabilities disappeared, that basically defines the end of project and puts the software recent bought to shelf.
dplyons
50%
50%
dplyons,
User Rank: Apprentice
1/20/2015 | 10:35:45 AM
Re: Firewalls installed but not configured correctly, really?
Incorrectly configured firewalls are all-too-common.  Too many users/managers/CIO's insisting that things "just work", too few security engineers.  The results are access rules that are far too broad, or simply permitting all traffic.
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
1/20/2015 | 8:39:01 AM
Firewalls installed but not configured correctly, really?
This is quite remarkable.. not to mention data from database monitoring tools that was never seen and a lack of policy for diata leak prevention tools. How common is this, really? Please share!
Daniel Riedel
50%
50%
Daniel Riedel,
User Rank: Author
1/19/2015 | 11:36:30 AM
Great Insight
Thanks for bringing to light this all too common scenario, Jai. Businesses can't expect to see results from security software if it just sits on the shelf. 


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36388
PUBLISHED: 2021-06-17
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
CVE-2020-36389
PUBLISHED: 2021-06-17
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
CVE-2021-32575
PUBLISHED: 2021-06-17
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
CVE-2021-33557
PUBLISHED: 2021-06-17
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
CVE-2021-23396
PUBLISHED: 2021-06-17
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.