2016 Postmortem
In reply to the discussion: Sanders campaign hints ‘hacker’ who accessed Clinton data may have been a DNC plant
TheBlackAdder
No data center secures by firewall alone.
That's just to suppress IP addresses from the outside and also between internal systems.
1) Userid security is required to lock down the applications and database records.
2) Session and Application tokens are required to further authenticate a session and prevent session hijacking.
3) Also, when a firewall goes down, the default security shouldn't be to authenticate/permit access, but to deny it!
There are so many flaws in the internals of this vendor's application design, since firewall checking implies that folks behind the firewall are allowed unrestricted access.
Could you imagine your bank allowing others access to your banking information because their firewall was down?
What's the point of having userids, if userid authentication isn't performed against the data?
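As an added illustration of the layered model the post describes (not code from the post, the vendor, or any party in the thread), the following Python sketch stacks three checks on one request: a network allow list, a signed session token, and an ownership check against the record itself. If the network layer cannot decide (modelled here as the allow list being unavailable), the answer is deny, not permit. All user ids, record ids, IP addresses and token formats are constructed for the example.

```python
"""Added example: fail-closed, layered access control.
Network allow list -> session token -> per-record ownership.
Any layer that cannot decide denies. Names and data are constructed."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional, Set, Tuple

SESSION_KEY = secrets.token_bytes(32)   # server-side HMAC key for session tokens
SESSION_TTL = 15 * 60                   # seconds a session token stays valid

# Constructed sample data: which user owns which record.
RECORDS = {
    "rec-101": {"owner": "campaign-a", "data": "NH voter list"},
    "rec-202": {"owner": "campaign-b", "data": "IA voter list"},
}


def _now(now: Optional[float]) -> float:
    return time.time() if now is None else now


def issue_token(user_id: str, now: Optional[float] = None) -> str:
    """Mint a session token bound to the user id and an expiry time.
    Format: user_id.expiry.hmac_sha256(user_id.expiry)."""
    expiry = int(_now(now) + SESSION_TTL)
    payload = f"{user_id}.{expiry}".encode()
    mac = hmac.new(SESSION_KEY, payload, hashlib.sha256).hexdigest()
    return f"{user_id}.{expiry}.{mac}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the token is authentic and unexpired, else None."""
    try:
        user_id, expiry_s, mac = token.rsplit(".", 2)
        expiry = int(expiry_s)
    except ValueError:
        return None
    payload = f"{user_id}.{expiry}".encode()
    expected = hmac.new(SESSION_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return None
    if _now(now) >= expiry:
        return None
    return user_id


@dataclass
class Request:
    source_ip: str
    token: Optional[str]
    record_id: str


def network_allowed(source_ip: str, allow_list: Optional[Set[str]]) -> bool:
    """Perimeter check. allow_list=None models the firewall being down;
    the outage is treated as 'deny', never as 'permit'."""
    if allow_list is None:
        return False
    return source_ip in allow_list


def authorize(req: Request, allow_list: Optional[Set[str]],
              now: Optional[float] = None) -> Tuple[bool, str]:
    """Layered decision: network, then session, then record ownership.
    Every layer must pass; a request from 'inside' still needs a valid
    session and must own the record it asks for."""
    if not network_allowed(req.source_ip, allow_list):
        return False, "denied: network layer"
    if not req.token:
        return False, "denied: no session"
    user_id = verify_token(req.token, now)
    if user_id is None:
        return False, "denied: invalid or expired session"
    record = RECORDS.get(req.record_id)
    if record is None or record["owner"] != user_id:
        # Authorization is checked against the data itself, not just the userid.
        return False, "denied: not the record owner"
    return True, record["data"]


if __name__ == "__main__":
    internal = {"10.0.0.5"}
    tok = issue_token("campaign-b")
    print(authorize(Request("10.0.0.5", tok, "rec-202"), internal))   # own record
    print(authorize(Request("10.0.0.5", tok, "rec-101"), internal))   # someone else's
    print(authorize(Request("10.0.0.5", tok, "rec-202"), None))       # firewall down
```

The point the post makes is the last two calls: an internal source address with a valid session is still refused another user's record, and an unavailable perimeter check refuses everything rather than waving it through.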