Is it easy to steal your company’s server?
The title refers to the server as a service, not as hardware: it speaks about the data and the configuration, not the iron.
File Backup
Imagine that an attacker, called Dr. No, tries to steal data and IT infrastructure of a company. Our Dr. X may be an unfaithful employee, a consultant duplicitous or any other shady character; this has no relevance to this story.
With our friendly friend also affecting the programs that process the data: SQL Server, Windows Server, web servers, mail servers, business applications, and so on. All with relative activation keys, users, and configurations.
So Dr. X does not want only your data, but want to duplicate your IT structure. Years ago it was virtually impossible without theft or burglary, but now the technology of virtualization has changed the cards on the table and the following scenario is possible regardless of whether it was adopted by a virtualization farm victim.
We can start from a simple observation of the facts: for various reasons (all legitimate and acceptable) the amount of data on the servers of many companies is kept under strict and rigorous control. This is because the quality of server storage is expensive; users are not graphomania hardened and storage for backups where it is not expensive to be multiplied by the number of instances that you want to keep the business virtualisation and file backup.
The result is that they rarely the data and programs on the server of a medium sized company that does not treat multimedia is around half of a terabyte, often less than this value.
If at this time I go to an online retailer (take amazon, which is the first that comes to mind) I see that a 1 TB external USB drive can be obtained in the price 110 Euro, including VAT. I’m talking about a device in the size of a book and all the hardware that Dr. X needs for his evil purposes. Of course, I suppose that Dr. X has the administrative access to the computer system, but this was already in the introduction.
If your company has done already the image of the “disaster recovery” server, Dr. X will simply have to copy these images and restore them with the right software, that many times, you can download trial version from the vendor.
If there are no pictures of the server, then Dr. X can download free the VMware v Center Converter Standalone (or the equivalent for other virtualization systems), connect the hard drive 1 TB to a PC and launch from there virtualizing all the enterprise servers. If the PC has a connectivity of 1 Gbit / sec, a weekend is a time much more than enough to get images from the server PC and also of some importance.
On Monday, Dr. X can fit in a bag a box of 10 x 20 x 3 cm that contains all of your business and with that, he can recreate in a couple of days your IT infrastructure without having a hardware same as yours.
It is an exact copy of the information system ready to use, at the disposal of Dr. No, that can be used while having breakfast or playing with his kids (Dr kids).
