The Silent Threat: How Misconfigurations Fuel the Cyber Crime Economy
The article points out that a large share of data breaches each year stem from misconfigured servers, firewalls and other devices. Although enterprises and governments invest heavily in technology, configuration errors remain a primary risk. Through cases such as a DHS platform accidentally exposing sensitive information and misconfigured cloud storage leaking user data, the article shows the threat that human error and management gaps pose to cyber security, and stresses the need for better staff training and process management to reduce such incidents. 2025-9-21 09:11 Author: securityboulevard.com

Lohrmann on Cybersecurity

Billions of records are breached each year as a result of misconfigured servers, firewalls and other network devices. What can be done? Let’s explore.

September 21, 2025

Dan Lohrmann


The conventional wisdom is that public- and private-sector enterprises are outgunned, outspent, outmaneuvered and just plain out of their league when it comes to defending themselves online against nation-state hackers and global criminal ransomware groups. And this thinking is not only prevalent in small, poorly funded local governments or midsize U.S. businesses, but even state governments and Fortune 2000 companies often exhibit a defeatist mentality when it comes to cyber defense.

Nevertheless, this thinking ignores (among other things) the reality that a large percentage of data breaches and unauthorized intrusions are a direct result of technology misconfigurations.

“An internal DHS memo obtained by a Freedom of Information Act (FOIA) request and shared with WIRED reveals that from March to May of 2023, a DHS online platform used by the DHS Office of Intelligence and Analysis (I&A) to share sensitive but unclassified intelligence information and investigative leads among the DHS, the FBI, the National Counterterrorism Center, local law enforcement, and intelligence fusion centers across the US was misconfigured, accidentally exposing restricted intelligence information to all users of the platform.

“Access to the data, according to a DHS inquiry described in the memo, was meant to be limited to users of the Homeland Security Information Network’s intelligence section, known as HSIN-Intel. Instead it was set to grant access to ‘everyone,’ exposing the information to HSIN’s tens of thousands of users. The unauthorized users who had access included US government workers focused on fields unrelated to intelligence or law enforcement such as disaster response, as well as private sector contractors and foreign government staff with access to HSIN.”

Here’s an excerpt: “Cybersecurity researcher Jeremiah Fowler, who first discovered and reported the breach, emphasized that instead of being hashed or encrypted, the leak involved plain-text records of sensitive information, making it immediately usable for cybercriminals.

“He further highlighted the presence of authorization URLs in the unsecured database, which in some cases could bypass the traditional password entry process, making it even easier for cybercriminals to gain access to private user accounts.

“The breach is being described as a ‘cybercriminal’s working list’ as it offers a ready-to-use database of over 184 million user records for crimes like identity theft, phishing, credential stuffing, and unauthorized financial transactions. The database not only contained credentials and login links connected to popular platforms, but it also included details of bank accounts, health platforms, and even government portals from various nations.”

This article from Forbes highlights “Why Cloud Misconfigurations Remain A Top Cause Of Data Breaches”: “In fact, cloud misconfigurations are often termed as a ‘technical oversight.’ But they’re a systemic failure—a gap between how we build, secure and perceive risk in the cloud. …

“In modern cloud environments, what looks like a single misstep is usually the byproduct of complex, fast-moving workflows. For example, take a developer spinning up a new microservice, working in a CI/CD pipeline and deploying infrastructure as code (IaC). The security team might not even see the new environment until it’s live. If the template they used includes overly permissive IAM policies, that misconfiguration automatically spreads to every future deployment.

“And, here’s what most people miss: misconfigurations don’t happen in isolation. They’re often tied to contextual blind spots. A storage bucket open to the public isn’t always dangerous—unless it contains sensitive production data or exposes internal infrastructure paths. But cloud security tools typically flag everything equally, drowning teams in alerts while critical issues get buried.”

The article goes on to describe some of the key complexities that often go unnoticed, such as cloud drift and lack of context.

SOLUTIONS, PLEASE!

I’d like to offer some resources to help in this endeavor to close cloud misconfigurations and related enterprise security vulnerabilities.

“The most common cloud security vulnerabilities include the following:

  1. Misconfigurations
  2. Lack of visibility
  3. Poor access management
  4. Insider threats
  5. Unsecured APIs
  6. Zero-days
  7. Shadow IT
  8. Lack of encryption
  9. Inadequate segmentation
  10. Vulnerable dependencies
  11. Deficient logging and monitoring”

“Cloud misconfigurations — the gaps, errors and vulnerabilities that occur when security settings are poorly chosen or neglected entirely — provide adversaries with an easy path to infiltrate the cloud. Multi-cloud environments are complex, and it can be difficult to tell when excessive account permissions are granted, improper public access is configured or other mistakes are made. It can also be difficult to tell when an adversary takes advantage of them. …

“So what are the most common misconfigurations we see exploited by threat actors? Our cloud specialists have observed the following preventative gaps and detection gaps (*) stemming from misconfigured cloud settings:

  • Unrestricted outbound access
  • Disabled logging
  • Missing alerts
  • Exposed access keys
  • Excessive account permissions
  • Ineffective identity architecture
  • Inadequate network segmentation
  • Improper public access configured
  • Public snapshots and images
  • Open databases, caches and storage buckets
  • Neglected cloud infrastructure”

Note, the article goes on to describe each of these items in detail, so I encourage you to return to the URL link above.

“Cloud misconfigurations can occur in different places in the cloud infrastructure and are of different types. Let’s look at some cloud misconfiguration examples.

1. Identity and Access Management (IAM)

2. Data Storage Configuration

3. Networking Configuration

4. Misconfigured Logging and Monitoring

Causes of Cloud Misconfiguration

“There are multiple things that can cause a cloud misconfiguration, and you need to know what they are if you’re going to prevent and resolve them in the future.

  • Human Error
  • Lack of Expertise
  • Complex Cloud Architecture
  • Poor Governance and Policy Management”

For one more, SecPod offers their “Top 10 Cloud Misconfigurations to Avoid” (with details such as the risk, examples, prevention and automation on each item at their website):

1. “Over Permissive IAM Roles

2. Missing Multi-Factor Authentication (MFA) on Admin Accounts

3. Public Storage Buckets

4. Insecure APIs

5. Misconfigured Security Groups

6. Unprotected CI/CD Secrets

7. Lack of Encryption at Rest and in Transit

8. No Centralized Logging

9. Shadow IT / Unmonitored Accounts

10. No Policy-as-Code Enforcement”
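The Forbes passage above describes an IaC template whose over-permissive IAM policy propagates to every deployment, and the SecPod list closes with policy-as-code enforcement as the countermeasure. The following is an added example, not code from the article or from any vendor it quotes: a minimal policy-as-code check that inspects a constructed, simplified CloudFormation-like template (the `IamRole`/`StorageBucket` types and property names are assumptions made for illustration) and flags wildcard IAM grants, public bucket access, disabled logging and missing encryption at rest, so a CI step can refuse to deploy the weak template while the corrected one passes.

```python
import json

# Constructed template snippets in a simplified, CloudFormation-like shape
# (assumed for illustration; not any vendor's actual template format).
WEAK_TEMPLATE = json.dumps({"Resources": {
    "AppRole": {"Type": "IamRole", "Properties": {"Policy": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}},
    "DataBucket": {"Type": "StorageBucket", "Properties": {
        "PublicAccess": True, "Logging": False, "EncryptionAtRest": False}},
}})
FIXED_TEMPLATE = json.dumps({"Resources": {
    "AppRole": {"Type": "IamRole", "Properties": {"Policy": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-app-data/*"}]}}},
    "DataBucket": {"Type": "StorageBucket", "Properties": {
        "PublicAccess": False, "Logging": True, "EncryptionAtRest": True}},
}})


def _as_list(value):
    """IAM fields may be a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def check_template(template_json):
    """Return (resource_name, finding) pairs for each misconfiguration found."""
    findings = []
    for name, res in json.loads(template_json)["Resources"].items():
        props = res.get("Properties", {})
        if res["Type"] == "IamRole":
            for stmt in props.get("Policy", {}).get("Statement", []):
                if stmt.get("Effect") != "Allow":
                    continue  # Deny statements never widen access
                actions = _as_list(stmt.get("Action"))
                if any(a == "*" or a.endswith(":*") for a in actions):
                    findings.append((name, "wildcard action"))
                if "*" in _as_list(stmt.get("Resource")):
                    findings.append((name, "wildcard resource"))
        elif res["Type"] == "StorageBucket":
            if props.get("PublicAccess"):
                findings.append((name, "public access enabled"))
            if not props.get("Logging"):
                findings.append((name, "access logging disabled"))
            if not props.get("EncryptionAtRest"):
                findings.append((name, "encryption at rest disabled"))
    return findings


def pipeline_gate(template_json):
    """True when the template may deploy; a CI step fails the build otherwise."""
    return not check_template(template_json)
```

Running the gate before `apply` in the pipeline is what stops the single bad template from becoming the baseline for every later deployment.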

FINAL THOUGHTS

For almost two decades, this blog has emphasized the importance of people, process and technology aspects to cybersecurity and technology success. And yet, there remains a natural tendency to assume that better technology will overcome poor processes and even poor training or staff mistakes.

The reality is that misconfigurations fall into the people and process side of cyber, and there are no shortcuts or easy answers to this challenge.

We must redouble our efforts to build better processes and ensure trained staff have adequate safeguards to ensure any mistakes are found and corrected before they lead to data breaches.

Here are a few of the titles that I didn’t choose, but reinforce this central point:

  • The Misconfiguration Crisis: A People, Process and Policy Failure
  • Outgunned or Overlooked? The Real Reason Behind Most Data Breaches
  • Fixing the Fundamentals: Closing the Cloud Misconfiguration Gap


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.



Source: https://securityboulevard.com/2025/09/the-silent-threat-how-misconfigurations-fuel-the-cyber-crime-economy/