Musings on the NY Prison Break as It Relates to IT Security
Now that David Sweat is back in prison, I would imagine more details will be revealed about the multitude of security breaches that allowed Matt and him to escape. Of course, everyone at Clinic+ gathered around the water cooler to discuss the breaches that led to the escape. Our favorite part was the post-it note they left on the pipe they crawled through, basically saying ‘you blew it.’ It reminded us of the calling cards hackers leave behind to gain publicity for their exploits.

Since all things lead back to our own business and our pride in our security systems and policies, we couldn’t help but want to put out some thoughts on the parallels and lessons to be learned from this extraordinary feat.

SLEEP

Prison guards may have slept during their evening shifts, allowing the prisoners to work on their escape unsupervised. While we can’t be constantly vigilant against breach attempts at every access point in a network, we can set thresholds and alerts for possible attempts, and we should always keep detailed access logs and audit them regularly for attack patterns. The clues are there if you pay attention.
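To make the "thresholds and alerts" idea concrete, here is an added example (not code from the original post or from Clinic+) that scans a few constructed, auth-log-style lines for two patterns: a burst of failed logins from one source inside a sliding time window, and a successful login from a source that had just been failing. The log format, the threshold of five failures per minute, and the IP addresses are all assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of a Linux sshd auth log; not real data.
SAMPLE_LOG = """\
2015-06-28T22:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
2015-06-28T22:00:03 sshd[1201]: Failed password for root from 203.0.113.7 port 51130 ssh2
2015-06-28T22:00:04 sshd[1207]: Accepted publickey for alice from 192.0.2.10 port 40012 ssh2
2015-06-28T22:00:06 sshd[1201]: Failed password for root from 203.0.113.7 port 51141 ssh2
2015-06-28T22:00:09 sshd[1201]: Failed password for root from 203.0.113.7 port 51150 ssh2
2015-06-28T22:00:12 sshd[1201]: Failed password for root from 203.0.113.7 port 51161 ssh2
2015-06-28T22:03:00 sshd[1310]: Failed password for bob from 192.0.2.10 port 40020 ssh2
2015-06-28T22:03:05 sshd[1310]: Accepted password for bob from 192.0.2.10 port 40021 ssh2
"""

# Assumed line layout: ISO timestamp, process, then sshd's "Failed/Accepted <method> for [invalid user] <user> from <ip> port ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_line(line):
    """Return a dict with ts/result/user/ip for a login event line, or None if the line is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "result": m.group("result"),
        "user": m.group("user"),
        "ip": m.group("ip"),
    }


def detect(lines, threshold=5, window=timedelta(minutes=1)):
    """Scan log lines and return alert tuples (kind, ip, recent_failure_count, timestamp).

    Two patterns are flagged:
      * "failed-login-threshold": at least `threshold` failures from one IP within `window`
        (reported once per IP so a long brute-force run does not flood the alert channel);
      * "success-after-failures": an accepted login from an IP that failed within `window`.
    """
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    failures = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    already_alerted = set()
    alerts = []
    for ev in events:
        q = failures[ev["ip"]]
        # Drop failures that have aged out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in already_alerted:
                already_alerted.add(ev["ip"])
                alerts.append(("failed-login-threshold", ev["ip"], len(q), ev["ts"]))
        elif q:
            # A success right after failures from the same source deserves a second look.
            alerts.append(("success-after-failures", ev["ip"], len(q), ev["ts"]))
    return alerts


if __name__ == "__main__":
    for kind, ip, count, ts in detect(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} ALERT {kind}: {ip} ({count} recent failures)")
```

On the sample above the first rule fires for 203.0.113.7 when its fifth failure lands inside the one-minute window, and the second fires for 192.0.2.10 when bob logs in five seconds after a failed attempt. The second alert is usually benign (a mistyped password) but is exactly the kind of clue worth reviewing during a regular log audit, which is why the example reports it rather than suppressing it.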

ACCESS

Prison guards not only allowed the prisoners to do their own “work” on the prison electrical system, but they loaned them tools to do it. In IT it is imperative that every system’s privilege policies are as restrictive as possible while still allowing admins to get their jobs done, and that administrative tools are accessible only to those who need them.
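As an added example of auditing the second half of that rule (it is not code from the original post or from Clinic+), the script below checks an inventory of administrative tools against a simple least-privilege policy: owned by root, usable only by the admin group, no access for everyone else, and no setuid bit. The tool paths, uids, gids and modes in the sample inventory are constructed for the illustration; the `collect()` helper builds the same records from a live filesystem with `os.stat` so the check can be run on a real host, and the admin group id is assumed to be 4.

```python
import os
import stat
from dataclasses import dataclass


@dataclass
class ToolRecord:
    path: str
    uid: int
    gid: int
    mode: int  # full st_mode, including file type and setuid/setgid bits


def collect(paths):
    """Build ToolRecords from the live filesystem; paths that do not exist are skipped."""
    records = []
    for p in paths:
        try:
            st = os.stat(p)
        except FileNotFoundError:
            continue
        records.append(ToolRecord(p, st.st_uid, st.st_gid, st.st_mode))
    return records


def audit(records, admin_gid, root_uid=0):
    """Return (path, reason) findings for every record that violates the least-privilege policy."""
    findings = []
    for r in records:
        perm = stat.S_IMODE(r.mode)  # permission bits only (0o7777 mask)
        if perm & (stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH):
            findings.append((r.path, "accessible to everyone: 'other' permission bits are set"))
        if r.gid != admin_gid and perm & (stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP):
            findings.append((r.path, f"group {r.gid} is not the admin group {admin_gid}"))
        if r.uid != root_uid:
            findings.append((r.path, f"owned by uid {r.uid}, not root"))
        if perm & stat.S_ISUID:
            findings.append((r.path, "setuid bit set: runs as the owner for anyone who can execute it"))
    return findings


# Constructed inventory (hypothetical paths and ids), one compliant tool and two that are not.
SAMPLE_INVENTORY = [
    ToolRecord("/opt/admin/bin/rotate-keys", uid=0, gid=4, mode=0o100750),      # root:adm, rwxr-x---
    ToolRecord("/opt/admin/bin/reset-passwords", uid=0, gid=100, mode=0o100755),  # root:users, rwxr-xr-x
    ToolRecord("/opt/admin/bin/backup", uid=1001, gid=4, mode=0o104750),        # user-owned, setuid
]


if __name__ == "__main__":
    for path, reason in audit(SAMPLE_INVENTORY, admin_gid=4):
        print(f"{path}: {reason}")
```

Running the audit on the sample inventory reports nothing for `rotate-keys`, two findings for `reset-passwords` (world-readable and executable, and grouped to a non-admin group) and two for `backup` (not owned by root, and setuid so the loaned tool runs with its owner's rights no matter who picks it up). In practice you would feed `collect()` the real list of admin tools and run the same check on a schedule alongside the log audit.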

CONTRABAND

Prisoners were smuggled additional tools through a convoluted system of frozen meat and metal detector bypasses. The frozen meat was especially fascinating; we’ll see if it shows up on next season’s Orange is the New Black. Similar to the virtual access restrictions above, if you run any of your infrastructure on premises, physical access to those servers MUST be restricted to the admins who control them. We are talking locked cages, closets, or entire server rooms. A breach is not as simple as plugging in an infected USB key like in the movies (or on House of Cards), but physical access can be the starting point for introducing the tools that lead to one.

While the nation was mesmerized by the audacity of the escape, the length and breadth of the search, and the eventual killing and recapture of those involved, we should make sure that we don’t forget the original lapses that allowed this to occur. Take a look at your IT security plans and recognize that it’s easier to make sure they are solidly in place before someone goes in where they shouldn’t, rather than after.