Paying attention to the External Systems

The last couple of weeks I’ve been paying a bit more attention to our externally accessible systems (such as systems in the DMZ or systems on our external boundary). In the past I’ve run vulnerability scans weekly, but haven’t really paid attention to the systems that come on-line and the systems that go away. I also haven’t worried about whether the systems are authorized or not.
In just a couple weeks of paying attention, I’ve found some funny things (not funny ha ha). A phone for conference calls was plugged into a jack that put it on the external network rather than the internal network. The best part was the default admin password on the phone. OK, lesson(s) learned.
This week, a server came online on our DMZ that I hadn’t seen online in the past 2.5 months. According to my records the approval expired in November and they reported they no longer needed access. Apparently the systems administrator turned the server off when it was no longer in production. They turned it on this week to “take an inventory.” Unfortunately the system was still connected to our DMZ. Lesson learned: when approval ends, get the network guys to go to the patch panel and unplug that drop.
Fortunately neither case resulted in a problem, but it showed to me pretty quickly the need to pay attention to the hosts on that network beyond “is it vulnerable”. “Should it be there?” is key as well. 🙂
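
The check described above, comparing what answers on the DMZ against what is approved to be there, can be scripted. This is an added example, not part of the original post: the addresses, dates, register layout and the `review_latest_scan` helper are all constructed assumptions, standing in for real scan output and approval records.

```python
from datetime import date, timedelta

# Constructed sample data (not from the post): approval register with expiry dates.
APPROVALS = {
    "203.0.113.10": date(2025, 12, 31),  # approval still current
    "203.0.113.20": date(2024, 11, 30),  # approval has lapsed
}
# Constructed scan history, oldest first: (scan date, hosts that responded).
SCANS = [
    (date(2024, 11, 25), {"203.0.113.10", "203.0.113.20"}),
    (date(2024, 12, 2), {"203.0.113.10"}),
    (date(2025, 2, 3), {"203.0.113.10"}),
    (date(2025, 2, 10), {"203.0.113.10", "203.0.113.20", "203.0.113.77"}),
]

def review_latest_scan(scans, approvals, dormant_after=timedelta(days=30)):
    """Return {host: [findings]} for the newest scan, judged against
    the approval register and the earlier scan history."""
    scan_date, live = scans[-1]
    last_seen = {}
    for when, hosts in scans[:-1]:       # oldest first, so later dates win
        for host in hosts:
            last_seen[host] = when
    findings = {}
    for host in sorted(live):
        notes = []
        expiry = approvals.get(host)
        if expiry is None:
            notes.append("no approval on record")
        elif expiry < scan_date:
            notes.append(f"approval expired {expiry.isoformat()}")
        seen = last_seen.get(host)
        if seen is None:
            notes.append("first time seen")
        elif scan_date - seen > dormant_after:
            gap = (scan_date - seen).days
            notes.append(f"reappeared after {gap} days offline")
        if notes:
            findings[host] = notes
    # Hosts that answered the previous scan but not this one.
    previous = scans[-2][1] if len(scans) > 1 else set()
    for host in sorted(previous - live):
        findings[host] = ["went offline since previous scan"]
    return findings

if __name__ == "__main__":
    for host, notes in review_latest_scan(SCANS, APPROVALS).items():
        print(host, "->", "; ".join(notes))
```

A host that goes offline right after its approval lapses is the cue to have the drop unplugged, before it has a chance to reappear.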