When I used to rack and stack servers, many moons ago, we would always connect them to a switch with LAN only so we could use SSH/SCP to harden them before they got exposed. This was for .gov stuff that would get attacked instantly.
Worked at a sloppy startup MSP. A few years after I left a former coworker told me they discovered (after they finally got an EDR) that all the pre-deploy boxes on the sandboxed LAN waiting to be moved to the datacenter were being compromised after the kickstarts finished. The deployment box had been owned since they didn’t deploy it in the sandbox, which didn’t exist at the time. Whoever did it kept from being detected for years. Then I guess they got bored and used the whole DC to DOS someone. He thinks they noticed the EDR and the gig was up. Good times.
When I used to rack and stack servers, many moons ago, we would always connect them to a switch with LAN only so we could use SSH/SCP to harden them before they got exposed. This was for .gov stuff that would get attacked instantly.
Worked at a sloppy startup MSP. A few years after I left a former coworker told me they discovered (after they finally got an EDR) that all the pre-deploy boxes on the sandboxed LAN waiting to be moved to the datacenter were being compromised after the kickstarts finished. The deployment box had been owned since they didn’t deploy it in the sandbox, which didn’t exist at the time. Whoever did it kept from being detected for years. Then I guess they got bored and used the whole DC to DOS someone. He thinks they noticed the EDR and the gig was up. Good times.