The Elastic Band, MongoDB, DevOps, Take That

 In ITC's Threat of the Week

After the decisions of the great and good of The Glastonbury Festival to headline Kanye and Adele, you could be forgiven for thinking that this week’s blog would be promotional material for a strange festival experience (ITCFest, entrance fee £300 per head, Cans of Beer £6 each, 3 days of rain, tent robbery not to mention the ‘facilities’).

You would be wrong.

Earlier this week, groups of hackers with the usual names (kraken0, for instance) began a campaign of compromising MongoDB databases that are exposed to the internet. Of the 100,000 internet-facing installations, thousands (over 30,000 apparently) have been hacked and encrypted, had their contents stolen and had the usual ransomware demand applied (currently running at about £900, making ITCFest look like value for money). Have a look at Niall Merrigan’s tweets on the subject.

It has been known for some time that default MongoDB installations are not especially secure out of the box; more of this later.

Having raped and pillaged the unfortunate MongoDB community, it appears the same crew are now targeting Elasticsearch installations.

One of the amazing promises, gifts and goodness of cloud computing is the Elasticsearch stack. The integration of Elasticsearch, Logstash and other log delivery technologies with search engines like Kibana has the most amazing utility and potential for visibility hitherto unknown outside of major centralised logging/SIEM platforms.

Here at ITC Towers, we are deeply involved with designing and testing these technologies to provide context, use-case based value to our customers.

The ease with which a developer or DevOps guy/girl can spin up and test these technologies is truly amazing. One of our very own operatives recently built operating capability in both Azure and AWS in a few days for instance. Many of these are probably configured using default settings. New and cool for sure, but perhaps not as tight as a well-rehearsed, reliable five piece.

The problem, we think, is that these Dev/Test instances, because of their power and utility, are quickly pressed into service, perhaps with access to real data, without the governance around Identity and Access Management, Application Inspection, Vulnerability Management, security base-lining and best practice, you know, the boring sort of processes we used to mandate with old school, on premise technologies…

Any concert or festival would be a total disaster without a sound check. ITC is working hard to provide sound checks and reliable quality assurance to help orchestrate our customers’ Cloud Gigs, and to make sure they perform well and are not pirated.

As well as best practice guides, we are extending our NetSure360° offering into cloud environments, a subject we will be discussing at our forthcoming StormCloud event on the 26th of January at The Cheesegrater. If you are not registered, please do so and come along; it will be worth it.

If you would like to discuss managing your Cloud Gig appropriately, please contact us at: enquiries@itcsecure.com or 020 7517 3900.

CHECK ONE, TWO…

Author: Kevin Whelan
