Once again I commissioned a CHECK penetration test. Once again we found the usual suspects.
- Patching not up to date
- Cross site scripting
- Weak protocols (FTP, but inside the data centre)
- Weak cyphers in SSL
- Weak cyphers in the iLo card
- SNMP v2
- Unused protocols open
I could have written the report myself and saved £10K.