Verizon Business has released a report that touches on what they found after looking through 500 forensic investigations involving 230 million records, and analyzes hundreds of corporate breaches. These breaches include three of the five largest breaches ever reported. Here is a few items they discovered:
- 87% of corporate data breaches could have been prevented if they had reasonable security measures been in place (duh!).
- Less than 25 percent of attacks took advantage of a known or unknown vulnerability.
- Asian attacks (mainly China and Vietnam) are usually application exploits that are used for data compromise.
- Most defacements originate out of the Middle East.
There’s also some very good information in the article regarding how to protect your network and data. I would strongly encourage any network/system administrator to, at the very least, browse this part of the report.
I meant to go back and follow up a little more, but for now I’ll post my findings so far. Honestly, Davenport has their act together for the most part – I only discovered very minor things that are easy fixes and do not pose an immediate security threat.
Back on March 12th, I needed to use the library for a short while. I used the map command to see what I’m already connected to for the heck of it. Afterwards, I started playing around in My Network Places – specifically the Novell Connections. First I played around with a share called Midland_4x, but nothing was too interesting there. Of course another one of the first things I had to check out was the part that said “STAFF” 
Still nothing interesting really. I played around in the tree a little longer and finally found something that caught my eye – something that appeared to be a unix-based server with SSH. It used the default port (22), but ended up being either down or filtered by the firewall. Then I found another server that looked like it was for grad students that had somebody’s resume on it. The whole directory appeared to be world readable/writable. Two other things I’ll have to check out later are a front page to their Novell OpenEnterprise Server (Novell and Suse – good stuff!) and what appeared to be an OpenSource Project page. Nice 
I wasn’t sure what to make of their BMC Service Desk Express page or the APC InfrastruXure Manager page. Looks like I’ll have to do some more research on those when I get some time. One thing that should probably be addressed is Apache being installed and running on several Novell servers. As you can see from the screenshot, the default index page is still up, which tells me that the administrators may not know Apache is running. As we are taught in several classes, unused services should never be running. /etc/init.d/apache2 stop
About a week later I went back to look for anything else that might catch my eye. I found what I was looking for in the “Documents and Settings” folder. If you surf to C:\Documents and Settings\, you’ll find the names of everyone who had logged into the computer. You’re also able to poke around in their folders, which show information such as downloaded programs, personal files saved to “My Documents”, and their “Favorites” amongst other things. While it could take forever to look for anything of interest in all of those folders at the library, all you have to do is output the tree command to a text file for later viewing. In defense of Davenport, they’re not the only one’s who have this issue – Delta College does as well. They allow viewing of cookies and recent documents, which could reveal some information about themselves or their online identities including hotmail, student email addresses, projects they are working on (assuming that’s a project), facebook identity, and more.
Overall, I was pretty happy with what I discovered…which wasn’t a lot 
