Shodan Search Reveals Open Cloud Control Panels

While researching web server frameworks, I ran across something that seemed very odd. I found what appeared to be unsecured Cloud Cluster controls. And using Shodan I could tell the difference between the ones that were using account login control and those that were surprisingly completely open to the public.

Twisted Web is a Python-based web server used in many network applications. Over the years I have noticed that specific versions seem to be used for different tasks. I ran into one the other day that I do not remember seeing before.

An internet search using Shodan (the “search engine for Internet-connected devices”) for Twisted Web servers returned some odd results that I did not recognize. A specific version (10.2.0) returned what appeared to be some sort of cloud control interface on the internet.

If you go to the “Shodan.io” website and search for “twistedweb/10.2.0” it will list all of the systems in question, as seen below:

[Image: Shodan Cloud Security 1]

There seem to be password-protected ones and what appear to be completely unprotected ones. The difference is that the password-protected ones contain a login.html file in the Shodan return, while the completely open ones point to index.html.

So to have Shodan find all of the ones that appear completely open to the public, just search for “twistedweb/10.2.0 index.html” as seen below:

[Image: Shodan Cloud Security 2]

As you can see there are more than 700 of them. They appear to be DataStax Enterprise Cluster Storage controls as seen in this picture from a DataStax YouTube demo:

[Image: Shodan Cloud Security 3]

The DataStax YouTube video explains that you can completely control and monitor the Cluster storage from this interface. I was thinking this was something that really shouldn’t be completely open to the public on the internet. There must be a “require login” setting that people are just not using to secure them. As I wasn’t sure, I ran the information by my friends at Evident.io.

“What you are seeing here is the failure to implement proper security controls around administrative interfaces of, in this case, Enterprise Cassandra NoSQL clusters. The unprotected administrative interface gives remote attackers the ability to connect to the cluster and perform administrative functions without authentication or resistance. This is often the result of business pressure to deploy technology to solve complex problems, but failure by the business to invest in time and resources to help those product teams protect the infrastructure and services themselves. A simple verification of security control deployment around this kind of technology would prevent this security incident from happening in the first place, and guarantee continued protection against mistakes that create unnecessary risk for the company,” said Tim Prendergast, co-founder and CEO of Evident.io.

There must be some way to protect these systems, or to notify cloud users of these issues. Well, according to Prendergast, there is:

“Tools like the Evident Security Platform (ESP) help prevent these kinds of issues from being exploited by attackers by providing comprehensive visibility into the security controls deployed in your cloud, or alternatively you could build your own set of custom security controls through the custom signatures feature. Either way, nobody should operate their cloud environment without fast, accurate, and actionable information on these types of risks. The only way to protect your organization from suffering due to unprotected attack surfaces is to create a continuous, enforceable security practice around your cloud.”

As we have seen here, some improperly protected cloud controls across the world were found very easily using Shodan. We could also easily differentiate between systems that had account login controls (I hope they used strong passwords) and those that didn’t. The advantages of using the cloud are obvious, but like any computing resource they must be protected properly from online threats.
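The login.html versus index.html distinction described above can be turned into a triage check over response headers collected from hosts you operate. This is an added example, not code from the original post or from any vendor; the sample banners are constructed, and reading a redirect to index.html as "no login required" is an assumption taken from the post's observation.

```python
from urllib.parse import urlsplit

TARGET_SERVER = "twistedweb/10.2.0"   # version string quoted in the post

# Constructed response heads for illustration; 192.0.2.0/24 is a documentation range.
SAMPLE_BANNERS = {
    "192.0.2.10": "HTTP/1.1 302 Found\r\nServer: TwistedWeb/10.2.0\r\n"
                  "Location: http://192.0.2.10/login.html\r\n\r\n",
    "192.0.2.11": "HTTP/1.1 302 Found\r\nServer: TwistedWeb/10.2.0\r\n"
                  "Location: http://192.0.2.11/index.html\r\n\r\n",
    "192.0.2.12": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
    "192.0.2.13": "HTTP/1.1 200 OK\r\nserver: TwistedWeb/10.2.0\r\n\r\n",
}


def parse_headers(raw):
    """Return {lowercased header name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:
        if not line.strip():
            break                      # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def classify(raw):
    """Map one captured response head to a triage verdict."""
    headers = parse_headers(raw)
    if TARGET_SERVER not in headers.get("server", "").lower():
        return "other-server"
    page = urlsplit(headers.get("location", "")).path.rsplit("/", 1)[-1].lower()
    if page == "login.html":
        return "login-required"
    if page == "index.html":
        return "open-no-login"         # assumption: mirrors the post's observation
    return "needs-manual-review"       # matching server, but no telling redirect


def audit(banners):
    """Return ({host: verdict}, sorted list of hosts to fix first)."""
    verdicts = {host: classify(raw) for host, raw in banners.items()}
    exposed = sorted(h for h, v in verdicts.items() if v == "open-no-login")
    return verdicts, exposed


if __name__ == "__main__":
    verdicts, exposed = audit(SAMPLE_BANNERS)
    for host, verdict in sorted(verdicts.items()):
        print(f"{host:12} {verdict}")
    print("fix first:", exposed)
```

A "login-required" verdict only says a login page is in front of the console; it says nothing about password strength, so those hosts still belong behind a network access control.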

About the Author

Daniel W. Dieterle is an internationally published author and computer security researcher with over 20 years’ experience in the IT field. His technical “How-To” articles have been featured in numerous computer magazines, and referenced by both industry websites and the media. He has also written three Ethical Hacking Security books based on Kali Linux, including his latest book, “Basic Security Testing with Kali Linux 2” – which contains a chapter on using Shodan.

 

 


The Benefits of Cloud-based Server Monitoring

There has been a lot said about the cloud and its advantages. Cloud-based server monitoring has been the latest solution to make this transition, but what advantages does it offer? Not being one to shirk a task, we threw down some magic beans and hopped up the resulting beanstalk to poke around the cloud and see how this solution stacks up and what it can offer to busy system administrators to make it worth their while.

Cost

One element that has contributed greatly to the cloud’s popularity is the low start-up costs and the predictable, subscription-based pricing models for IT system administrators looking to do more on a small budget. Cloud-based solutions require no software or hardware changes to your network infrastructure, so you don’t have to worry about capital expenditure costs taking a bite out of your budget.

The low entry cost of cloud-based server monitoring solutions thus provides you with a fast ROI – which is great news for IT departments struggling with budgetary constraints.

Fast Deployment

Cloud-based network monitoring solutions only require the deployment of an agent to the servers and workstations they need to monitor, which means they can be set up in minutes, greatly facilitating their installation on all devices, including remote PCs. System administrators have an easier task as there is no hardware to source, no applications to install, and no firewall ports to open.

Maintenance is simplified as updates and upgrades are automatically deployed by the host, leaving administrators free to concentrate on getting the value out of the system, not keeping it up to date and running and removing any issues that may arise from incompatibility, dependencies or conflicts.

Device and location independence

While many server monitoring solutions can alert you to critical events through email or text message so that you know what is going on, cloud based server monitoring solutions also enable you to log in to a management console through a web browser to see what is going on without the need to connect back into the office network.

Not only does this give you the ability to stay in touch with your network easily while you are out of the office, it also allows you to be proactive and deal with issues rapidly. In turn, this faster reaction time allows you to reduce system downtime and increases your organization’s productivity.

Simplicity

Cloud-based server monitoring solutions bring increased simplicity to the process of keeping your network healthy. While most monitoring solutions can offer pre-configured checks for the most common aspects of Windows servers, as well as easy-to-use interfaces, cloud-based solutions go one step further. They are designed to be implemented and managed by less experienced IT administrators, allowing you to redeploy senior staff with expensive skill sets to more productive tasks.

If you are looking to optimize your network, cloud-based server and network monitoring solutions offer you several advantages. Cost savings, rapid deployments, device and location independence and simplicity make it easy to understand why cloud-based server monitoring is rapidly gaining ground. In fact, we like it so much at the top of this beanstalk, we think we’ll stay in the cloud a little while longer.

This guest post was provided by Jeff Smith on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on how you can benefit from cloud-based server monitoring.

All product and company names herein may be trademarks of their respective owners.

The Absurdity of Cloud Computing and Hosted Services

I’ve seen some crazy things in the IT world in the last 5 of my 20 years of experience in the field, but the push to move to cloud computing and hosted services has got to be the craziest thing I have seen so far. Please let me explain.

Times are bad right now, and companies are making hard decisions about their IT staffing and services. Somehow in the last 5 – 10 years or so, IT support seems to have gone from a mission critical status to being considered overhead. As other departments have had to do, significantly reduced IT departments are now supporting more devices, services and people with fewer staff.

As with other departments, older IT staff members have been “encouraged out the door” and replaced with fewer, less experienced staff. I have seen Unix server administrators put in charge of administrating Windows servers, even though they had no experience supporting them. Not sure of the executive thinking there – they are both servers, so they must be the same?

I have seen a high end Windows cluster server administrator who kept the executive and top engineering clusters of a major corporation running for years, be moved to be the sole support person for the corporate wide NAS servers. Though he had little to no experience with the NAS servers themselves, the storage group was dissolved beforehand and the one person remaining that he was replacing had already been placed in a new position, so there would be no training available. He was handed a user manual and told – “Good luck”.

I have seen a half-empty building that was once full of corporate IT support staff. This was after several other buildings that were full of IT support staff were dissolved and consolidated into the one building. One part of the support staff that remained was told that their work week would be changing to a swing shift. They would be working 2nd shift for part of the week and 3rd shift for the remainder of the week. The supervisor had the audacity to tell these former 1st shift workers that the new schedule would be better for their families.

I was told once by a distraught IT Director that he was informed by the corporate executives that the acceptable level of IT staff to employees is now 1 to 300. With all of these employees using computers or mobile devices, what happens when more than one critical system goes down at the same time? What happens to the quality of support when IT staff is flooded with requests and “emergencies”?

These are just a few things that I have seen or heard in the last few years; trust me, there are many more. But what do these cutbacks and shifting of unqualified staff to critical positions have to do with cloud computing and hosted services?

Many companies are turning to online services to help cut costs and restore some level of IT support to their organizations. But what truly makes you think that these online services are not going through the same internal cutbacks and employee changes to cut costs of their own? How secure will your information really be with them? Your level of support?

If you can’t support your own IT, and who knows your business better than you, why would you think that external services can really do a better job? Don’t get me wrong, cloud computing and hosted services aren’t necessarily a bad thing. But making the decision solely for additional profit is not a wise move. Executive level decision makers really need to talk with (and listen to) their senior IT leadership to see if the move to hosted services would truly be a benefit or detriment to their company.

Security Webinar – McAfee: Exploiting the Cloud and Virtual Machines

McAfee is hosting an interesting looking webinar tomorrow at 2pm EST.

Hacking Exposed Live — Exploiting the Cloud and Virtual Machines

Subject (From host’s site):

During this live webcast, you’ll see exactly how hackers are exploiting cloud computing and virtual machines to harm businesses. We’ll demonstrate the use of commonly available tools they use and how they use them. We’ll reproduce real-world hacks using the same approaches that the hackers used and demonstrate what you can do to prevent them from being used against you.

From the e-mail notification, McAfee will be showing one of the latest hacking techniques used to attack the cloud and VMs.

Check it out!