There are ways to circumvent cloudflare. Think of cloudflare as a wall, and like nearly all walls, there are ways around if you know where and how to look.
i work for a in network security and 95% of the time any firewall regardless of the vendor is barely configured correctly.
This is so true. So often it is a shitty network admin that couldn't get something to work so they just made huge holes. I have see rule sets that were super selective in permitting services and destinations, then having a permit any rule at the end because "SAP updates were not working and that fixed it."
I'm was a developer but it works the same way in network security, managers do not know what they are hiring, they think one security professional is the same as all the others. It's pathetic. Hiring talent matters as much in the security field as it does on the football field, if someone was to say all Quarterbacks were at the same skill level it would be thought of as hilarious, yet that is how managers think about IT staff.
That is the main reason why I left IT, got so tired of working with incompetent, lazy fools.
Same here I got tired of making cool shit, and our company getting bought out by a richer company who brings in a team of boneheads to fuck it all up. Moved into healthcare.
Yeah, and products have way too many features. For security, you really want a product that can't be configured insecurely for the environment it is in. Its when companies want convenience that security gets compromised.
The other weak link is that a lot of "security" protocols were installed inside systems to give Certain People (TM) access of the sort they want for various reasons.
I know you can go through the front gates if you just impersonate someone. But does this mean that the platform that hosts TDW has a gaping security flaw, or does it just mean that they should test the system under an assumption that someone will get phished?
There are ways to circumvent cloudflare. Think of cloudflare as a wall, and like nearly all walls, there are ways around if you know where and how to look.
This is so true. So often it is a shitty network admin that couldn't get something to work so they just made huge holes. I have see rule sets that were super selective in permitting services and destinations, then having a permit any rule at the end because "SAP updates were not working and that fixed it."
I'm was a developer but it works the same way in network security, managers do not know what they are hiring, they think one security professional is the same as all the others. It's pathetic. Hiring talent matters as much in the security field as it does on the football field, if someone was to say all Quarterbacks were at the same skill level it would be thought of as hilarious, yet that is how managers think about IT staff.
That is the main reason why I left IT, got so tired of working with incompetent, lazy fools.
Same here I got tired of making cool shit, and our company getting bought out by a richer company who brings in a team of boneheads to fuck it all up. Moved into healthcare.
Yeah, and products have way too many features. For security, you really want a product that can't be configured insecurely for the environment it is in. Its when companies want convenience that security gets compromised.
The other weak link is that a lot of "security" protocols were installed inside systems to give Certain People (TM) access of the sort they want for various reasons.
See:
PROMIS/Inslaw
Octopus and Kraken
I know you can go through the front gates if you just impersonate someone. But does this mean that the platform that hosts TDW has a gaping security flaw, or does it just mean that they should test the system under an assumption that someone will get phished?