Welcome to Cable Forum
Patch all those windows boxes
Old 21-11-2014, 03:46   #16
qasdfdsaq
cf.mega poster
 
Join Date: Aug 2004
Posts: 11,207
Re: Patch all those windows boxes

Yes, we have change management and tons of over the top RFC processes though none of my servers have to deal with them (nor are any of them running Windows).

However both here and at many other HEIs there are domain controllers operating AD accounts for many thousands of uncontrolled users, including public and guest accounts. This'll be very fun for them to deal with - given there'll be a distribution of tens of thousands of student accounts and any staff member has the ability to auto-create guest accounts for anyone who walks off the street without requiring approval. Public libraries and the like will likewise be highly vulnerable.

Makes that other incident at an institution-who-shall-not-be-named that recently found some hardware keyloggers plugged into the back of their corporate machines seem pretty tame in comparison.
Old 21-11-2014, 14:09   #17
Qtx
CF's Worst Nightmare
 
Join Date: May 2012
Location: Probably outside the M25
Services: Sky Fibre Unlimited 40/10
Posts: 3,473
Re: Patch all those windows boxes

Network/traffic monitoring and applying related Snort rules (or similar) is the best bet for stopping these. These days there is a market for selling efficient rules quickly, so companies and organisations that subscribe to various services are better prepared than others that might wait for public info. Might not be so bad for your lot due to this.

These rules are not always perfect at first though.
Old 21-11-2014, 16:41   #18
qasdfdsaq
cf.mega poster
 
Join Date: Aug 2004
Posts: 11,207
Re: Patch all those windows boxes

Sadly our border firewalls are too primitive to do much deep filtering, plus we have a global block-inbound rule anyway which helps against many server-side vulnerabilities.

Regardless I just look after the research servers and nobody really cares if they break. We've yet to suffer any detectable compromise, almost miraculous considering I caught somebody running phpMyAdmin on a public server yesterday with the username and password set to 'root' and 'root'. I may need to dig out the good ol' LART.

But seriously, human error (aka PEBKAC) is generally a bigger problem than many of these mentioned vulnerabilities for organizations that don't really have any commercially sensitive information.