A VPN server that was bought for 99 pence proved to be a security nightmare as the new user found that it automatically connected itself to a council's private networks.
Andrew Mason from Random Storm picked up the Cisco VPN server for 99p on eBay in August; when plugged in, it connected itself to Kirklees Council's servers.
The IP address was found to be owned by Capgemini, a managed services company, which provided networking to the council until 2005. The device was sold online by Manga-Fu, which sells second-hand IT equipment.
A Kirklees Council spokesperson said it was concerned by the report, but remained confident that ‘multiple layers of security’ prevented access to data. A spokesperson said: “In the meantime the disposal process has been suspended until an investigation can be carried out and appropriate action taken.”
Richard Farnworth, General Manager Enterprise Solutions, NEC UK, said: “Protecting networking equipment and network topology is just as important in preventing security breaches as the recent spate of laptop, CD and memory stick losses we have seen. This latest announcement should not only act as a wake-up call to others but demonstrated the growth in utility and appliance-style computing where the data and the intelligence is as much inherently ‘in’ the network as those devices that connect to the network.
“As so much dependence is placed upon connectivity in the ‘networked society’ we belong to, it is imperative that both public sector organisations and commercial businesses take special care when disposing of any IT products. It will not come as a surprise that many ‘black box’ devices hold configuration information within them and even consumers have cottoned on to the importance of securing their wireless networks at home, wiping hard disk drives before disposing of PCs and clearing memory banks in mobile telephones before sending them off for recycling.
“Corporations and public sector organisations alike need to treat their information assets and information technology with the same care that they would when protecting their own personal data. Unfortunately, we no longer live in an era where we can keep our front doors open on our properties and in this instance the network was left wide open for anyone to walk in.”