A good rundown of what exactly happened to them was detailed recently in The New York Times. But even if your data wasn’t compromised, this exploit has some important lessons for your business when it comes to beefing up your own network security posture. Here are a few important takeaways.
1. Segment Your Network Properly
One of the main entry points into Target’s POS network was their heating contractor, which had way more access rights than needed. According to Brian Krebs, “it is common for large retail operations to have a team that routinely monitors energy consumption and temperatures in stores to save on costs (particularly at night) and to alert store managers if temperatures in the stores fluctuate outside of an acceptable range that could prevent customers from shopping at the store.”
But that doesn’t fully explain why a contractor needs access to your entire system – exposing your network security – just to turn up the heat. And this gaping vulnerability was exploited: it turns out the bad guys were able to steal the contractor’s network credentials and, as a result, access many different stores’ networks.
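One way to check for this kind of over-broad contractor access is to walk the inter-zone allow rules and see whether the vendor's entry point can reach the POS segment through intermediate hops. The sketch below is an added example, not from the original article; the zone names, ports and rules are constructed for illustration and are not taken from the breach reports.

```python
from collections import deque

# Constructed allow-list of inter-zone firewall rules: (source, destination, port).
# All zone names and rules are hypothetical sample data.
ALLOW_RULES = [
    ("vendor_vpn", "hvac_monitoring", 443),
    ("vendor_vpn", "billing_portal", 443),
    ("billing_portal", "corp_servers", 445),
    ("corp_servers", "pos_network", 445),
    ("corp_servers", "hvac_monitoring", 443),
]

def path_to_sensitive(rules, start, sensitive):
    """Return the shortest chain of allow rules from `start` to any zone in
    `sensitive`, or None if segmentation holds (no chain exists)."""
    graph = {}
    for src, dst, port in rules:
        graph.setdefault(src, []).append((dst, port))
    parent = {start: None}          # zone -> (previous zone, port) used to reach it
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        if zone in sensitive and zone != start:
            hops = []
            while parent[zone] is not None:   # walk back to the entry point
                prev, port = parent[zone]
                hops.append((prev, zone, port))
                zone = prev
            return list(reversed(hops))
        for dst, port in graph.get(zone, []):
            if dst not in parent:
                parent[dst] = (zone, port)
                queue.append(dst)
    return None

def segmented_rules(rules, start, allowed_dsts):
    """Least privilege: drop every rule that lets `start` reach a zone
    outside `allowed_dsts`; rules for other source zones are kept."""
    return [r for r in rules if r[0] != start or r[1] in allowed_dsts]

if __name__ == "__main__":
    print("before:", path_to_sensitive(ALLOW_RULES, "vendor_vpn", {"pos_network"}))
    fixed = segmented_rules(ALLOW_RULES, "vendor_vpn", {"hvac_monitoring"})
    print("after: ", path_to_sensitive(fixed, "vendor_vpn", {"pos_network"}))
```

No single rule in the sample connects the vendor zone to the POS zone; the exposure only shows up when the rules are followed transitively, which is why a rule-by-rule review can miss it.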
2. Take a Closer Look at Two-Factor Authentication
Another key issue was that the heating contractor wasn’t using two-factor authentication on their network credentials. There is simply no excuse for this: nowadays you can add a second factor to your logins at Facebook, Twitter, Google Docs, LinkedIn and many other software sites.
The US CERT has put together a list of recommendations for POS network security, but the first step is strengthening passwords. I’ve previously reviewed many of the two-factor tools enterprises can use to add another layer of network security to their systems, a large number of which are relatively straightforward to implement. And while they can’t protect you against every attacker (one recent notable example: in the Netflix series House of Cards – spoiler alert if you read on), they’re still better than having nothing at all.
3. Change Your Default Admin Accounts
One part of the exploit made use of the same username that gets installed with an IT management software suite from BMC called Performance Assurance for Microsoft Servers. Brian Krebs again has more information about how exactly this went down.
Using administrative accounts placed onto a system before installation is an exploit that’s been around for a very long time. There’s no excuse for laziness: change those default passwords, especially on accounts that have administrative or supervisory access to multiple or sensitive systems.
Obviously, these are just the tip of the iceberg, but all three lessons are important in strengthening your network security to prevent yourself from becoming another Target. After all, there is no point in having a strong perimeter defense if outsiders can easily become insiders and roam freely around your network.