In response to the news story that thousands of etcd installs are leaking secret server keys online, Zohar Alon, the Co-Founder and CEO at Dome9 commented below.
Zohar Alon, Co-Founder and CEO at Dome9:
“The case of the etcd database leak is particularly ironic, as it is a service used to store sensitive information like passwords and configuration settings, and its default configuration allows the data to be accessed without authentication. This is yet another unfortunate example of organizations not placing appropriate emphasis on the security of valuable assets. There were two levels of security failure here — one, no password protection for the service by default, and two, servers with ports exposed to the whole world when they should have been locked down. When using any software — including open source — administrators need to understand what the default settings are and take responsibility for locking them down. They should also adopt a closed-by-default posture to network security, locking down ports that do not need to be exposed.”