post: Rough overview of the extended downtime from Jan 2023
This commit is contained in:
parent
db3ed9b0bd
commit
54d1fd5821
1 changed files with 50 additions and 0 deletions
50
src/postmortem/2023-01-12_Loss-of-network-access.md
Normal file
50
src/postmortem/2023-01-12_Loss-of-network-access.md
Normal file
|
|
@ -0,0 +1,50 @@
|
|||
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
|
||||
title = '2023-01-12 Loss of Network Access'
|
||||
date = 2023-01-12
|
||||
|
||||
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
|
||||
# 2023-01-12 Loss of Network Access Postmortem
|
||||
|
||||
Key people: Brendan (silver).
|
||||
|
||||
## What happened
|
||||
On 2023-01-12 we received an email from ITD stating that 193.1.99.123 was registered as an attack source by Heanet and external access was removed by ITD to contain it.
|
||||
Later the same day it had been upgraded to our entire subnet, the ITD security team saw our servers as a security risk.
|
||||
|
||||
## What was the root cause
|
||||
Unlike other incidents we knew from the outset what the root cause was.
|
||||
One of the Wordpress instances on www.skynet.ie decided its true calling was to become a spambot, this is what caught the attention of Heanet.
|
||||
|
||||
## Restoring network access
|
||||
In order to restore network access ITD had two requirements:
|
||||
|
||||
1. Servers are patched on both an OS & application level.
|
||||
2. Maintained in such a manner to prevent unauthorized access or misuse
|
||||
|
||||
|
||||
## Rebuilding services
|
||||
Due to the age of the software on virtually all machines in place upgrades were neither feasible nor maintainable.
|
||||
|
||||
As a result user data and config files were backed up from the servers that would be reused in the future.
|
||||
Other servers were archived in case of a need to get more data in the future.
|
||||
|
||||
Using the newest server with adequate hard drive bays Proxmox was installed.
|
||||
Various containers were then created to serve the roles needed to run the cluster.
|
||||
The OS chosen for these containers was NixOS, a config based operating system, which allows us to easily update with consistency.
|
||||
|
||||
This process took until the end of April.
|
||||
We were then able to request that ITD open specific ports for servers.
|
||||
Over the summer more services became active.
|
||||
|
||||
|
||||
## Outcomes
|
||||
As a result of all this:
|
||||
|
||||
* We have a far better relationship with ITD
|
||||
* We have reliable systems
|
||||
* We have improved security and access controls.
|
||||
* We have embraced automation
|
||||
* We are far more open and transparent (config is open source)
|
||||
|
||||
Loading…
Reference in a new issue