, Agreed. Like, I’m not surprised that it was allowed to interface with the ATM because at that layer, I think the jump would have been from the switch to the ATM(although the ATM should habe not accepted the connection imo). So it would have never gone through any security. But it blows my mind that it was allowed to access a mail server as part of the routing, And even more so that it was allowed to go from that mail server to the outside world to establish a second route into the establishment. Like, how did it never hit any type of security or blocker anywhere in that process?
Even at that layer it should require site specific knowledge to gain access to the network, knowledge like specific IP ranges, netmask and VLAN, that they really shouldn’t have. This bank managed to mess up literally every single step of the IT security chain, it’s almost impressive.
, Agreed. Like, I’m not surprised that it was allowed to interface with the ATM because at that layer, I think the jump would have been from the switch to the ATM(although the ATM should habe not accepted the connection imo). So it would have never gone through any security. But it blows my mind that it was allowed to access a mail server as part of the routing, And even more so that it was allowed to go from that mail server to the outside world to establish a second route into the establishment. Like, how did it never hit any type of security or blocker anywhere in that process?
Even at that layer it should require site specific knowledge to gain access to the network, knowledge like specific IP ranges, netmask and VLAN, that they really shouldn’t have. This bank managed to mess up literally every single step of the IT security chain, it’s almost impressive.