This isn't new news, but a few customers had mentioned this story to me, so I thought I'd post it. (Full article: http://www.securityfocus.com/news/6767 ) ------------- The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall, SecurityFocus has learned. ... The Slammer worm entered the Davis-Besse plant through a circuitous route. It began by penetrating the unsecured network of an unnamed Davis-Besse contractor, then squirmed through a T1 line bridging that network and Davis-Besse's corporate network. The T1 line, investigators later found, was one of multiple ingresses into Davis-Besse's business network that completely bypassed the plant's firewall, which was programmed to block the port Slammer used to spread. "This is in essence a backdoor from the Internet to the Corporate internal network that was not monitored by Corporate personnel," reads the April NRC filing by FirstEnergy's Dale Wuokko. "[S]ome people in Corporate's Network Services department were aware of this T1 connection and some were not." --------------- Aren't all these places supposed to have regular security audits? Why weren't these issues noticed? I guess the security auditors were too busy proactively leveraging their best of breed synergies selling NutronNipWackNatBlackTwique or some other Box-0-Security device? ___________________________________ Andrew Plato, CISSP President/Principal Consultant Anitian Enterprise Security 503-644-5656 Office 503-644-8574 Fax 503-201-0821 Mobile www.anitian.com ___________________________________
This archive was generated by hypermail 2b30 : Thu Sep 11 2003 - 15:59:39 PDT