Many SQL servers use scripts that run as domain administrator. With the password hard coded in.
Several of the various servers are very old. W2K, 2003, 2008. SQL server, too.
Several of the users run reports via rdp to the SQL server - logging in as domain admin.
Codebase is a mashup of various dev tools: .net, asp, Java, etc.
Fax server software vendor has been out of business for a decade. Server hardware is 20 years old. Telecom for fax is a channelized PRI carrying POTS - and multiport modem cards. Fax is used for processing checks.
About a 3rd of the ethernet runs in the office have failed.
Office pcs are static IP. Boss says that’s more secure.
They were hacked about a year ago. They changed the domain admin password and restored the backups. That’s it.
Many moons ago I was getting my W2K certs. I dropped a vanilla box into my home lab, installed W2K server, connected it to my LAN, and left to take leak and get a cup of coffee. By the time I got back 10 minutes later, some enterprising soul had installed SQLServer and Exchange 5.5 over the Internet in preparation for fuck knows what. I burped, farted, and disconnected my router. Then I sat down to reconsider my career choice.
Many SQL servers use scripts that run as domain administrator. With the password hard coded in.
Several of the various servers are very old. W2K, 2003, 2008. SQL server, too.
Several of the users run reports via rdp to the SQL server - logging in as domain admin.
Codebase is a mashup of various dev tools: .net, asp, Java, etc.
Fax server software vendor has been out of business for a decade. Server hardware is 20 years old. Telecom for fax is a channelized PRI carrying POTS - and multiport modem cards. Fax is used for processing checks.
About a 3rd of the ethernet runs in the office have failed.
Office pcs are static IP. Boss says that’s more secure.
They were hacked about a year ago. They changed the domain admin password and restored the backups. That’s it.
They processed money to/from the Fed.
Many moons ago I was getting my W2K certs. I dropped a vanilla box into my home lab, installed W2K server, connected it to my LAN, and left to take leak and get a cup of coffee. By the time I got back 10 minutes later, some enterprising soul had installed SQLServer and Exchange 5.5 over the Internet in preparation for fuck knows what. I burped, farted, and disconnected my router. Then I sat down to reconsider my career choice.
The thing limiting it most is the last sentence, the rest I’ve seen as well :D