Do You Really Know What’s on Your Network?

Thursday, May 05, 2011

Global Knowledge


Article by Ted Dziekanowski

The problem we have is that there are lots of things on networks that aren’t computers in the traditional sense but have access or provide access to data either physically or logically.

I was listening to a Pauldotcom security podcast (audio, video, iTunes links, some occasional rough language), and two presenters on the Episode 237 podcast bring the point home.

Organizations are vulnerable to Advanced Persistent Threats, where the bad guys are always finding new ways to exploit vulnerabilities and the good guys have to defend against every possibility.

Attack vectors often arise from the things that are considered the most innocuous in our everyday environments. Two examples, access cards and multifunction printers, and their newly discovered weaknesses were the focus of the podcast.

What two Texas researchers, Michael Gough and Ian Robertson, have discovered (the YouTube videos are scary) is that most access card systems now use web servers to provide remote access and are installed with lots of vulnerable services left running and with the default passwords (which are easy to find).

A simple Android app called Caribou is able to open doors with a simple push of a button once the IP address of the server is identified. When you think of the number of access card systems installed in HOAs and businesses across the nation, the enormity of the risk becomes easily apparent.

The lesson here is to only hire qualified installers who emphasize the technical and physical aspects of security.

Deral Heiland “PercX” and Pete Arzamendi “Bokojan” were also on the podcast, and they discussed multifunction printers. Using a tool they developed called Praeda, they discovered that printers had accounts with rights to Active Directory, file shares and SharePoint servers.

When you think about the fact that printers can now send email messages, the possibilities of data breaches and denial of service attacks should be a cause for concern - especially given the fact that patching printers is not usually high on the checklists of most system administrators.

While monitoring user access and account management can somewhat mitigate the risk, a more comprehensive risk management methodology to deal with new technologies is called for.

Security that only deals with computer systems is, as we have just discussed, overlooking huge holes in the overall IT environment that truly compromise the confidentiality, integrity, and availability of the data you are the custodian of.

Cross-posted from Global Knowledge
