close
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
          Experience Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            Netskope debuts as a Leader in the Gartner® Magic Quadrant™ for Single-Vendor SASE
              Securing Generative AI for Dummies
              Securing Generative AI for Dummies
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                Modern Data Loss Prevention (DLP) for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Modern SD-WAN for SASE Dummies Book
                  Modern SD-WAN for SASE Dummies
                  Stop playing catch up with your networking architecture
                    Understanding where the risk lies
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                            Netskope GovCloud
                            Netskope achieves FedRAMP High Authorization
                            Choose Netskope GovCloud to accelerate your agency’s transformation.
                              Let's Do Great Things Together
                              Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
                                Netskope solutions
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskope Technical Support
                                  Netskope Technical Support
                                  Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
                                    Netskope video
                                    Netskope Training
                                    Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.

                                      Unicorns and “private” backdoors to managing your cloud (aka. things that don’t exist)

                                      Nov 01 2013
                                      Tags
                                      Cloud Best Practices
                                      Cloud Management
                                      Word on the Street

                                      For every box that contains a secret, someone wants to open it. That secret may be where you hid your favorite pair of socks or the private key for your certificate authority. Simply because that box contains a secret is enough to make someone want it. Recently you may have read about the breach over at MongoHQ and then the follow up about what happened has been detailed over here. Since this topic has been so well covered by both the company and 3rd parties I don’t want to continue to talk about the breach but about one of the issues that lead to this breach: accessibility.

                                      When building a cloud you are building a digital fortress floating out in the Internet. It has its moats, drawbridges, and portcullis that protect access from your visitors from accessing your system. However there often are unprotected entrances to servants quarters that may be left open. These servants quarters in this case is the management access into your cloud. While you might hope that these doors are left in the shadows and unnoticed they often are not. Because Internet connectivity is so fast its completely possible to scan every IPv4 address on the Internet in less than a day. Here is an example of long time security guru Rob Graham scanning for SSH in a matter of 10 hours. This means that is easily possible to find these dark corridors that allow entrance into your castle in the cloud. To prevent access into your cloud it is best to implement a VPN or have specific management service to access your devices. Some cloud management providers such as Vistara provide such a service. Meaning that the only way to access the hosts are through an authenticated portal that ensures that only specific people can access the service.

                                      No matter what method you use when accessing a cloud it needs to use strong authentication. This needs to be something that is outside of human control. Humans make stupid mistakes and they want the easiest solution to problems. This leaves us with passwords such as “ilovemom” or “whatdoesthefoxsay”. To take this problem out of humans hands two-factor authentication should be used. Lets take a look at a company Activision Blizzard who had a huge problem of account theft. They make hugely popular games such as World of Warcraft, Diablo, and Starcaft. These games contain earned currency or items that can be sold for real world money. Early on Blizzard determined that they couldn’t trust users to secure their own accounts so they implemented a two-factor authentication. But to ensure users would use this authentication method they made it very simple to use. They gave away free software for all smart phones, sold authentication tokens at cost, and even offered a phone service where you can call into to get a token. In the end Blizzard knew the only way to win this battle was to make it so easy to use two-factor authentication that the users couldn’t afford to not use it.

                                      So in summary if it is easy for you to access the management of your cloud service it will be for someone else as well. Consider that your adversary has an infinite amount of time, compute, and bandwidth to combat you with. To minimize your risk you need to utilize strong authentication and restricted access into your cloud management environment. These are the steps that MongoHQ took after the breach and its something that everyone should take before your breach.

                                      Have a question for Netskope about enterprise cloud security? Reach out and let us know!

                                      author image
                                      Netskope Staff
                                      Browse recent articles by Netskope Staff. Discover the latest trends and updates within the cloud and network space.
                                      Browse recent articles by Netskope Staff. Discover the latest trends and updates within the cloud and network space.

                                      Stay informed!

                                      Subscribe for the latest from the Netskope Blog