Many SQL servers use scripts that run as domain administrator. With the password hard coded in.
Several of the various servers are very old. W2K, 2003, 2008. SQL server, too.
Several of the users run reports via RDP to the SQL server - logging in as domain admin.
Codebase is a mashup of various dev tools: .NET, ASP, Java, etc.
Fax server software vendor has been out of business for a decade. Server hardware is 20 years old. Telecom for fax is a channelized PRI carrying POTS - and multiport modem cards. Fax is used for processing checks.
About a third of the Ethernet runs in the office have failed.
Office PCs are static IP. Boss says that’s more secure.
They were hacked about a year ago. They changed the domain admin password and restored the backups. That’s it.
They processed money to/from the Fed.
The thing limiting it most is the last sentence, the rest I’ve seen as well :D