On 03/18/20 09:29 -0500, Blake Hudson wrote:
On 3/17/2020 1:54 PM, Dan White wrote:
On 03/17/20 14:38 -0400, Rich Kulawiec wrote:
On Tue, Mar 17, 2020 at 08:38:28AM -0700, Mike Bolitho wrote:
That's the good news. Here's the bad news: in about 2-3 weeks, when
our health care systems are stretched to the breaking point, there will
be a window of opportunity for adversaries to maximize the damage.
On a slightly tangential topic, we had a dictionary attack against
customer voice accounts over night, presumably to implement toll fraud.
We were in the middle of working out work-from-home plans and were quite
distracted with other things. We managed to get on top of it quickly
once someone noticed.
Attackers taking advantage of this situation is a serious concern.
Dan, we're aware of another telco that ran into a similar fraud
situation last week. They stood up some more restrictive ACLs to
combat the fraud, but broke VoIP RTP in the process. 'Hit em while
they're occupied' type of attacks I guess should be expected right
now. As my grandmother would say: an ounce of prevention is worth a
pound of cure.
Hey Blake,
I appreciate that. We've got two tendencies going on here at the moment:
1) Man the ship of operations. Stay alert and fix the problems that arise.
Be totally reactive, and be the "hero".
2) Increase visibility and focus on network design. Move planned upgrades
up a few weeks/months. Be proactive.
Option 2 is the better long term option, but the risk is that any change,
while short staffed is going to run the risk of unintended consequences. Basically it's
"If it's not broke, don't fix it." and "Be very paranoid about what you touch.
--
Dan White
Network Admin Lead
