TechPublishing Now MS Certified

TechPublishing Now MS Certified
Professor Robert McMillen, MBA Microsoft Certified Trainer and Solutions Expert

Tuesday, December 1, 2015

VTech called me years before they got hacked

Being in IT consulting I never know who will call me out of the blue.
About ten years ago I got a call from VTech about their computer network. I was reminded of this when I read about VTech getting hacked recently.

Their US HQ isn't far from where my office is so I drove over to see them in Beaverton on Nimbus to review the problem.

At that time they were having tremendous problems with their Active Directory. I didn't sign any non disclosure documents with them but I won't give away too much of their setup either. They were having replication issues between their main office and all their satellite offices. This basically means that if they create a new user or computer object in active directory in one location it doesn't replicate to the other locations timely, or at all.

Over time this not only can cause problems with users and devices logging in, but if their domain controllers don't communicate on a regular basis they can go into a tombstone state. This means that they no longer recognize each other as being in charge and start fighting with each other.

On top of that they had DNS issues because they were using a Unix server to resolve DNS names instead of a Windows server. This required many changes to the Unix server they didn't want to do themselves. They also didn't want to move to a Windows DNS server because they didn't know the ramifications even though I explained it to them. I gave them the quote to fix their issues and they balked.

It was going to take weeks and some downtime to fix it right and they didn't like that either, so they declined. I assumed they found another consultant at some point but about a year or so later they called me back in. They had the exact same problems and needed me to re quote it all to fix it again. This time they were in even worse shape so the quote turned out to be even higher.

They once again declined and decided to try to figure it out themselves or just let it be.
I ended up never working on a single device or software issue.

I could tell they were very distressed over this but I couldn't help them if they didn't have the money or desire to fix it. Now it will cost them millions of dollars to fix their security, among other things, and they are facing jail time in Asian countries. They also have lost the customer's trust.

Let this be a lesson to all companies that your network and your security is more than just a couple of server boxes that sit in a dusty hot closet. Many companies go out of business by treating their IT like the trash.

They also make the mistake of putting everything in the cloud with companies that are getting hacked themselves. With some thoughtful planning, and spending a little money now, you can literally save your company from being destroyed.

No comments:

Post a Comment