[HamWAN PSDR] We need to design secure control access

Wade W7ITL w7itl.usa at gmail.com
Wed Feb 8 07:45:24 PST 2023


Bart,


Have you guys tried to get the decryption keys for ESXiArgs? I work in
cyber security, and it was announced that CISA had released the keys to help
decrypt folks impacted by the ransomware attacks.

https://www.bleepingcomputer.com/news/security/cisa-releases-recovery-script-for-esxiargs-ransomware-victims/?s=03

73

Wade W7ITL

On Wed, Feb 8, 2023 at 4:09 AM Bart Kus <me at bartk.us> wrote:

> Your background sounds like you'd make meaningful contributions, so I'd
> encourage you to consider participating in read-write mode, not just
> read-only.
>
> We got hit by this a few days ago on several HVs:
>
>
> https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/
>
> I'll avoid getting into the technical weeds question, to keep this thread
> focused on working group formation.
>
> --Bart
>
> On 2/8/2023 3:55 AM, Jamie Owens wrote:
>
> What/when was the most recent breach?
>
> The hypervisors are accessible publicly?  Why no VPN/VPC.
>
> I've been in admin/networking/devops world since 2000 and am currently
> attending school to get my BS in CIS/Cyber Security... so if nothing more, I'd
> like to tag along and learn more about this real-world scenario from, I'm
> sure, way more experienced users.
>
> On Wed, Feb 8, 2023, 3:34 AM Bart Kus <me at bartk.us> wrote:
>
>> All of the network's control points are on public non-firewalled IPs.
>> This is the worst security.  It was done this way for the sake of
>> simplicity.  Our netops volunteers had to get up to speed with
>> unfamiliar concepts like routing, funky netmasks, dynamic routing
>> protocols, policy routing, VRRP, firewalls, MTUs, MSS control, IPsec,
>> etc.  We reaped the rewards of KISS from broader volunteer engagement,
>> but lately we've been paying too heavy of a price for the awful security
>> this simplicity creates.  In the most recent breach we've lost important
>> source code that will now need to be re-created.  We escaped total
>> disaster by the thinnest of margins, as one critical hypervisor just
>> happened to be patched to 1 version higher than exploitable.  This
>> simplicity is not a good tradeoff anymore, so the time has come to
>> introduce more complexity to the network to protect all control points.
>>
>> This is not a simple problem, since there are many fragility vs security
>> tradeoffs, as well as complexity cost concerns.  If you have experience
>> or thoughts around this area, and can commit to a few weeks of design
>> and implementation work on this project, please indicate your interest.
>> We'll assemble a small working group in the next few days and start
>> discussions.  I expect the working format will involve some virtual
>> meetings, since email is not high bandwidth enough to hash out
>> everything quickly.
>>
>> Here's hoping we don't make it worse,
>>
>> --Bart
>>
>> _______________________________________________
>> PSDR mailing list
>> PSDR at hamwan.org
>> http://mail.hamwan.net/mailman/listinfo/psdr
>>
>
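The firewalling that Bart's first message describes as the missing piece, as an added example that is not part of this thread and not HamWAN's configuration: a default-deny nftables ruleset for a Linux host that runs network control services, where the management ports are reachable only from a management prefix that exists inside the IPsec tunnel. This assumes Linux nftables, which the thread does not say the network runs; the prefixes (RFC 5737 documentation ranges), the interface names, and the port list are placeholders. The VRRP, OSPF, IPsec and MSS rules cover the concepts Bart lists as the ones netops volunteers had to learn.

```nft
#!/usr/sbin/nft -f
# Added example, not HamWAN's ruleset. Placeholders: 192.0.2.0/24 is the
# management prefix that only exists inside the IPsec tunnel, 198.51.100.0/24
# holds the public addresses of the IPsec peers, eth0/eth1 are the router
# links, and 22/443 are the management ports. The "before" state the thread
# describes is no ruleset at all, which is equivalent to an input chain with
# "policy accept" and no rules: every control port answers to the whole internet.

flush ruleset

define MGMT_NET    = 192.0.2.0/24
define IPSEC_PEERS = 198.51.100.0/24
define MGMT_PORTS  = { 22, 443 }

table inet control {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Keep the network diagnosable and keep path-MTU discovery working
        # (MTU trouble is one of the pain points the thread lists).
        icmp type { echo-request, destination-unreachable, time-exceeded, parameter-problem } limit rate 20/second accept
        icmpv6 type { echo-request, destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept

        # Router-to-router plumbing: VRRP (112) and OSPF (89) are link-local,
        # so pin them to the interfaces that actually carry them.
        iifname { "eth0", "eth1" } ip protocol { vrrp, ospf } accept

        # IPsec control plane (IKE, NAT-T) and data plane (ESP) from known peers only.
        ip saddr $IPSEC_PEERS udp dport { 500, 4500 } accept
        ip saddr $IPSEC_PEERS ip protocol esp accept

        # Management plane: only from the management prefix, and only when the
        # packet arrived through an IPsec SA (policy-based IPsec). A packet from
        # the public side with a spoofed 192.0.2.x source fails the ipsec test.
        meta ipsec exists ip saddr $MGMT_NET tcp dport $MGMT_PORTS accept

        # Everything else, including SSH/HTTPS from the public internet, falls
        # through to the drop policy; sample the attempts so they show up in logs.
        tcp dport $MGMT_PORTS limit rate 5/minute log prefix "mgmt-from-untrusted: "
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Clamp MSS on SYNs crossing the tunnel so the smaller tunnel MTU does
        # not turn into black-holed TCP sessions.
        tcp flags syn tcp option maxseg size set rt mtu
    }
}
```

Load it with `nft -f` and then verify from an address outside the management prefix that the management ports time out while ICMP and the tunnel still come up; the `meta ipsec exists` match needs policy-based IPsec, so with route-based tunnels (xfrm or VTI interfaces) the equivalent check is `iifname` on the tunnel interface instead. The fragility cost Bart mentions is real: a typo in the management rule locks every operator out, so keep an out-of-band path (console or a second, independently filtered link) before applying it to a remote site.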

