Follow-up to our lovely USA Today article about the “finagle vulnerability”…you remember they did a honeypot and “To hijack the Windows Small Business Server, the attacker finagled his way into a function of the Windows operating system that allows file sharing between computers. He then uploaded a program that gave him full control.”
Well, at first I was thinking they purposely chose p-a-s-s-w-o-r-d as the password to get the system’s SMTP auth attacked [which, yes, we ARE vulnerable for — remember CHOOSE PASSWORDS WELL like Dr. Jesper Johansson tells us to]. But it didn’t dawn on me what they really did to purposely get this box hacked. They set it up with one network card and no firewall. Yo, folks. READ THIS.
Because the Internet connection device is the default gateway to the Internet, the device must provide a firewall service or you must add a firewall device to protect your local network from unauthorized Internet access. In this topology, you cannot configure the firewall provided by Windows Small Business Server 2003 because the server is not the gateway to the Internet. If you want to use the firewall provided by Windows Small Business Server 2003, you must install a second network adapter in your server and use the topology shown in Figure 2.4. For more information, see Appendix B, “Understanding Your Network.”
Does everyone understand how totally bogus a honeypot test this was? They purposely set it up such that the file sharing ports were exposed to the Internet as part of their server honeypot test.
We never EVER do that. No self-respecting server does. So the honeypot experiment behind this article was a bogus test. Did the article say anywhere how bogus a test this was?
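To make the point concrete, here is an added example (my own code, not anything from the article or from Microsoft) that audits netstat-style listener output for file sharing ports reachable from the Internet. The port list, the sample netstat output, and the addresses (RFC 5737 documentation ranges standing in for public addresses) are all constructed for this example. The firewall argument models the two topologies from the SBS documentation: `None` is the one-NIC, no-firewall honeypot setup, and a set of permitted ports is the second-NIC setup with the SBS firewall in front of the server.

```python
import ipaddress

# File sharing (SMB / NetBIOS) listeners that must never face the Internet.
# This mapping is an assumption of the example, not taken from the article.
FILE_SHARING_PORTS = {
    ("tcp", 139): "NetBIOS session service (SMB over NetBIOS)",
    ("tcp", 445): "SMB direct host",
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram service",
}

# Addresses that are not routable from the Internet. Anything else is treated
# as public so that the RFC 5737 sample addresses below count as public.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed netstat-style output for a single-NIC server whose only address
# is public, i.e. the honeypot topology described in the article.
SAMPLE_NETSTAT = """\
Proto  Local Address          Foreign Address  State
TCP    0.0.0.0:139            0.0.0.0:0        LISTENING
TCP    0.0.0.0:445            0.0.0.0:0        LISTENING
TCP    198.51.100.7:25        0.0.0.0:0        LISTENING
TCP    127.0.0.1:1025         0.0.0.0:0        LISTENING
UDP    198.51.100.7:137       *:*
UDP    198.51.100.7:138       *:*
"""


def is_public(ip):
    """True if the address is not in a loopback, link-local or RFC 1918 range."""
    return not any(ipaddress.ip_address(ip) in net for net in NON_ROUTABLE)


def parse_listeners(text):
    """Yield (proto, address, port) for every listening socket in netstat-style output."""
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) < 2:
            continue
        proto = parts[0].lower()
        # TCP rows carry a state column; only LISTENING sockets accept connections.
        if proto == "tcp" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue
        addr, _, port = parts[1].rpartition(":")
        yield proto, addr, int(port)


def reachable_from_internet(addr, interfaces):
    """A socket faces the Internet if it is bound to a public interface address,
    or to the wildcard while the host owns at least one public address."""
    public_ifaces = [ip for ip in interfaces if is_public(ip)]
    if addr in ("0.0.0.0", "*", "::"):
        return bool(public_ifaces)
    return addr in public_ifaces


def exposed_file_sharing(netstat_text, interfaces, firewall_allowed=None):
    """Return [(proto, port, description)] for file sharing listeners an Internet
    host could reach. firewall_allowed=None means no firewall in front of the
    server (the honeypot topology); otherwise it is the set of (proto, port)
    pairs the firewall publishes, and everything else is blocked."""
    findings = []
    for proto, addr, port in parse_listeners(netstat_text):
        desc = FILE_SHARING_PORTS.get((proto, port))
        if desc is None:
            continue
        if not reachable_from_internet(addr, interfaces):
            continue
        if firewall_allowed is not None and (proto, port) not in firewall_allowed:
            continue
        findings.append((proto, port, desc))
    return findings


if __name__ == "__main__":
    # One NIC, public address, no firewall: every file sharing port is exposed.
    for finding in exposed_file_sharing(SAMPLE_NETSTAT, ["198.51.100.7"]):
        print("EXPOSED:", finding)
    # Same server behind a firewall that only publishes SMTP: nothing exposed.
    print(exposed_file_sharing(SAMPLE_NETSTAT, ["198.51.100.7"], {("tcp", 25)}))
```

Run as a script it prints the four exposed file sharing listeners for the honeypot topology and an empty list once a firewall that publishes only SMTP sits in front of the server. The same check can be fed real `netstat -an` output and the server’s interface addresses to confirm that a production box never ends up in the honeypot’s configuration.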
Sorry folks... but I’m still blown away by this article and its content.