CA's cyber threat reports
Hi All,

This morning I got an interesting email from cirt@ca.go.ke as regards open RDP ports on the network.

Now, I've got a few questions about this -

a.) Has anyone else had similar reports
b.) Ports can be open for many reasons - and they sit on private companies machines and companies have the right to firewall or not firewall dependent on a multitude of reasons - why are these being put out as an incident report
c.) Under what premise does anyone - be they cert or otherwise - have the authority to run scans against private networks and systems - I was under the impression that port scanning private systems was not allowed?

I'm kinda concerned here when a report shows up that clearly indicates that targeted scans have been made - particularly since some of the IP addresses in that report are not even inside Kenya and sit on IP addresses belonging to clients who have in no way authorized security scans against themselves.

Anyone got any thoughts or comments?

Andrew
Andrew

Please break it down to us who are technically challenged. :-)

What does this really mean? In layman's language.

Ali Hussein
Hussein & Associates
+254 0713 601113 / 0770906375
Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
Blog: www.alyhussein.com

"Discovery consists in seeing what everyone else has seen and thinking what no one else has thought". ~ Albert Szent-Györgyi

Sent from my iPad
On 5 Jun 2017, at 10:08 AM, Andrew Alston via kictanet <kictanet@lists.kictanet.or.ke> wrote:
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40campusciti.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
@Andrew

Using a website like Shodan.io, all ports in Kenya can be scanned which is passive and can be done by anyone so far as they have an email account.

I believe CERT is only alerting people to close those ports as they might be vulnerable. It will be in the interest of the admins to secure their infrastructure or not if they feel the RDP port does not pose a threat.

~ze3D~

On Mon, Jun 5, 2017 at 11:02 AM, Admin CampusCiti via kictanet <kictanet@lists.kictanet.or.ke> wrote:
@Bright, so they assume that everyone doesn't have a firewall, right? (Which is a good thing anyway!)

Is there a known vulnerability associated with RDP? IIRC, RDP is disabled by default, so if you find a place where it's been enabled, it's a very deliberate action, with whoever doing it knowing what they're doing.

PS: I choose to restrict my argument on the original post by Andrew.

On 5 June 2017 at 11:29, BRIGHT GAMELI via kictanet <kictanet@lists.kictanet.or.ke> wrote:
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
Hi Andrew,

I think they (CERT-KE or whatever) sent you that report in your capacity as a contact person for your network. So it's possible other network 'managers' (contact persons) got the same. I don't know if they are active here.

That they can scan networks and report on open ports, and raise something as stupid as RDP ports being open is a strange one! Maybe there is some law we're not privy to that allows them to do port scanning on ALL networks??

I would have thought that their is to highlight vulnerabilities and how such can be mitigated, instead of going into network scanning. It demonstrates lack of knowledge of their mandate and idleness - they probably don't have much work in their hands and so want to justify their existence.

On 5 June 2017 at 10:08, Andrew Alston via kictanet <kictanet@lists.kictanet.or.ke> wrote:
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
participants (4)
- Admin CampusCiti
- Andrew Alston
- BRIGHT GAMELI
- Odhiambo Washington