Misconfiguration
Never attribute to malice that which is adequately explained by misconfiguration. —Zabicki’s Razor (with apologies to Hanlon)
Attackers are opportunistic. They won’t bother with a sophisticated attack where a simple one will do, and seeking out and exploiting misconfigured systems is one of the simplest attacks there is.
We need to develop the capabilities for ongoing monitoring of our systems to make sure we haven’t made the kinds of configuration mistakes that will open the door for easy attacks. The specifics of how you do this will vary significantly depending on exactly which technologies you use in your organization. We’ll take a look at some of the most common misconfigurations and some tools to detect them. Even if you ...
Get Practical Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
