Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
A Lot of Security Purchases Remain Shelfware
Newest First  |  Oldest First  |  Threaded View
dplyons
100%
0%
dplyons,
User Rank: Apprentice
1/21/2015 | 10:04:59 AM
Re: Firewalls installed but not configured correctly, really?
I have known many standard IT Admins.  I would trust very very few of them with maintaining a firewall, let alone researching/implementing proper security policies.
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
1/21/2015 | 8:40:00 AM
Re: Firewalls installed but not configured correctly, really?
Great point about acess rules, @dplyons. But do you really need a security engineer to configure access to corporate systems via a firewall ? Shouldn't your standard IT admin be able to do that? 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 4:08:57 PM
fanciest firewall?
I agree with the article mainly. I like the term fanciest firewall, I hope he was not talking about shape, color and other pretty things about the firewall. :--)) Granted, there are really nice firewalls out there, however as I mentioned in my other post firewall would not be considered a security device in today's environment. We need to go beyond firewalls and start implementing strategies that protects us from the things coming through the firewall.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 4:01:05 PM
Re: Firewalls installed but not configured correctly, really?
I hear you Marilyn and agree. At the same time, with today's high sophisticated tools firewall is not really a security device, nobody is really trying to hack firewall, they are just passing through without any effort.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 3:57:24 PM
Re: Great Insight
Not only that but no ROI, business could not really afford buying a product but no using it in today's limited budget world. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/20/2015 | 3:55:07 PM
No skilled IT staff?
 

As article mentioned. the main reason maybe there is no skilled IT staff in hour. Sometime companies do the purchase in rush because of immediate needs and when the pressure goes away next a few months, that creates an illusion that the threats or vulnerabilities disappeared, that basically defines the end of project and puts the software recent bought to shelf.
dplyons
50%
50%
dplyons,
User Rank: Apprentice
1/20/2015 | 10:35:45 AM
Re: Firewalls installed but not configured correctly, really?
Incorrectly configured firewalls are all-too-common.  Too many users/managers/CIO's insisting that things "just work", too few security engineers.  The results are access rules that are far too broad, or simply permitting all traffic.
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
1/20/2015 | 8:39:01 AM
Firewalls installed but not configured correctly, really?
This is quite remarkable.. not to mention data from database monitoring tools that was never seen and a lack of policy for diata leak prevention tools. How common is this, really? Please share!
Daniel Riedel
50%
50%
Daniel Riedel,
User Rank: Author
1/19/2015 | 11:36:30 AM
Great Insight
Thanks for bringing to light this all too common scenario, Jai. Businesses can't expect to see results from security software if it just sits on the shelf. 


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31476
PUBLISHED: 2021-06-16
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...
CVE-2021-31477
PUBLISHED: 2021-06-16
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-...
CVE-2021-32690
PUBLISHED: 2021-06-16
Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This...
CVE-2021-32691
PUBLISHED: 2021-06-16
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within th...
CVE-2021-32243
PUBLISHED: 2021-06-16
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).