Exposed assets, in particular assets exposed without proper configuration and management, are a huge issue, said Johannes Ullrich, dean of research at the SANS Institute.
Guidance “covers the basics”
“The data we collect at the Internet Storm Center shows that assets are scanned and discovered within minutes of being exposed,” he said in an email. “The top targets are exposed telnet and SSH servers with weak passwords, web-based admin consoles for various devices (cameras, firewalls, network storage devices), and remote access tools like [Windows] RDP.” This has become an even larger problem with so many applications being deployed in the cloud, he added, which does make it much more difficult to restrict access to them.
“The CISA guidance is making good points and covers the basics,” he said, “but the tricky part is to scale these efforts. Public search engines like Shodan and Censys are helpful [to infosec pros], but they should not replace regular scans from an external IP address.”

