Location: A security area with access control. Two pentesters need to get (legitimate) access to the area, which requires three things: An authorisation token, your signature, and your identity card. The token is ready, the paper sheet signed and… access is granted. Wait, what about the identity card? The friendly security guard is stumped.
“Well, the system says an ID card is not required. Let me check again. Nope, the option’s not checked. But now that you mention it… we had a software upgrade last week. I guess the config just got lost in the process.”
So remember: When doing a software update in a high-security area, back up your config files and compare them with the updated configuration. You may spare yourself the unpleasant surprise of having some pentesters notice the lowered security barrier. Or much worse, have a real incident.
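One way to automate the compare step, as an added example that is not part of the original post: it diffs a pre-upgrade and a post-upgrade snapshot and flags any enabled option that came back switched off or missing. The INI format, the section and option names, and the rule that a missing option counts as "off" are assumptions made for illustration.

```python
import configparser

# Constructed sample snapshots; section and option names are hypothetical.
BEFORE = """
[access_control]
require_token = true
require_signature = true
require_id_card = true
log_level = info
"""

AFTER = """
[access_control]
require_token = true
require_signature = true
log_level = debug
max_retries = 3
"""

TRUTHY = {"true", "1", "yes", "on"}
FALSY = {"false", "0", "no", "off", ""}


def load(text):
    """Flatten an INI snapshot into {(section, option): normalised value}."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return {(s, k): v.strip().lower()
            for s in parser.sections() for k, v in parser.items(s)}


def compare(before_text, after_text):
    """Return (kind, section, option, old, new) for every difference."""
    old, new = load(before_text), load(after_text)
    findings = []
    for key in sorted(old.keys() | new.keys()):
        o, n = old.get(key), new.get(key)
        if o == n:
            continue
        kind = "REMOVED" if n is None else "ADDED" if o is None else "CHANGED"
        # Assumption: an option absent after the upgrade falls back to "off",
        # so an enabled switch that vanished is as bad as one set to false.
        if o in TRUTHY and (n is None or n in FALSY):
            kind = "WEAKENED"
        findings.append((kind, key[0], key[1], o, n))
    return findings


if __name__ == "__main__":
    for kind, section, option, o, n in compare(BEFORE, AFTER):
        print(f"{kind:8} [{section}] {option}: {o!r} -> {n!r}")
```

Treat any `WEAKENED` line as a blocker before the upgraded system goes back into service, and review the other findings by hand.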