Configuration errors can cause similiar system failure like software bugs. misconfigurations can replicate crashes, hangs, silent failures of the system, the common characteristics found in every software bugs. But sysadmins usually ignores these misconfiguration issues if systems seems up and running smoothly. Usually unlike software bugs which gets much attention, the misconfiguration issues are usually neglected, which may lead to a data breach even system breach and unauthorised network access. And one day these misconguration becomes a living place of the ghosts in the network.
Security misconﬁguration can happen at any level of an application
stack, including the network services, platform, web server,
application server, database, frameworks, custom code, and
pre-installed virtual machines, containers, or storage.
How it happens
● Information disclosures
● Directory listing
● Stack traces or debug mode enabled
● Outdated or unpatched software/hardware
● Default credential
● Unnecessary features
● Unprotected resources
● Overly permissive policies
● CNAME record and unclaimed cloud resources
Bangladesh have nearly 400+ vulnerable CISCO devices to CVE-2018-0171
Bangladesh have nearly 800+ vulnerable MIKROTIK devices to CVE-2018-14847 are
already infected by COINHIVE miner.
Bangladesh have 1000++ unprotected devices directly connected to internet.
Bangladesh is the HOME of default credential enabled Systems.