top | item 10756822

(no title)

nathanb | 10 years ago

I work for a company which makes network devices. We've detected many hostile intrusions in our network. If you make hardware or software that runs in enterprise datacenters, someone is surely going to be trying to steal your source code to find exploits and possibly put backdoors in.

We use multi-factor authentication just to get in the corporate network and a separate, airlocked engineering network to store our IP. From what I've talked to from my colleagues at other major device manufacturers, this is becoming the industry standard (seven years ago I scoffed at Ericsson's paranoia for having a sequestered engineering network. Turns out they just saw the attacks earlier than we did).

In our case, doesn't seem to be the NSA. Looks more like China. Could easily be either one, or yet another party. This is the world we live in.

discuss

ghshephard|10 years ago

When I set up the Stock Options system at Netscape (as the Desktop Support guy) back in 1997, It consisted of two computers, connected to each other via a switch, in a Locked room, with a wall all the way to the ceiling to reduce false-ceiling access, with that room also located inside the Secure Legal Office Space. Systems were backed up daily by the users, using encrypted backups to Zip Drives.

It's interesting how when you don't know what the hell you are doing, you sometimes do something reasonably secure by pure happenstance. (Also, I had probably read too much Bruce Schneier when I was a teenager.)

beagle3|10 years ago

What exactly did the Stock Options system do? Was it the registry of options? Did the accounting department have such a secure setup?

beagle3|10 years ago

I was doing this for a fintec company in 2002, and was scoffed at by just about everyone. These things have been going on since the world became connected (somewhere in 1992 or so), and have been getting prevalent and intricate - but they are not new.