American Water Works Co. Inc., which supplies drinking water and wastewater services to more than 14 million people, said hackers had breached its computer networks and systems.
Why the hell is there any path from the internet to any system?
Layers, and layers, and proper isolation with proper 2FA.
Just yesterday I got a notification from my 2FA about someone trying to login to a system I work on. Since I didn’t know of any scheduled work, I was justifiably concerned, but only a little, since 2FA was blocking them.
Turns out it was a coworker who needed to check something, and was having issues with 2FA.
We can’t directly access any of the secure systems from outside - we have to VPN in (2FA), then hit an RDP/SSH server (another 2FA) that gives us control over the more secure systems. No other network traffic is permitted between the secure network and the regular corporate (workstation) network.