Hacking through a firewall - How might it be accomplished?

I am a relative novice at Security.  I know enough to ensure that an active firewall is up, disabling unnecessary services, ensuring OS and application patch updates take place and that Antivirus (Norton) and Antispyware (MS Antispyware Beta) are running.

I have been working for the last 6 months in a small company with 5 Windows 2000 servers (webserver with access over SSL to customers for submitting forms into database which is also acting as a Globalscape FTP server, SQL database server, transaction server, FileServer, and an unused FTP Server) a proprietary SQL Medical database application, 12-13 desktop clients running either Win2k or XP and a woefully understaffed IT situation that was neglected for far too long. Each server is running at the same level/layer as the other servers behind the gateway. We have a new Dell 48 port 1gb managed switch.  I have as yet been unable to do a complete audit of running services on all of the machines.

I was brought in initially to do website work, some Access DB work and write a visual basic program for remapping some data in batch files so that they could be submitted into the proprietary database.

This is a peer to peer network where almost every client is being accessed by an Administrative account (I've already pushed numerous times to convert to a domain network and recommended that administrative accounts should not be logged into by users).  We have changed passwords on all Server Admin accts 2 months ago.  The network is not wireless (wired) but the internet access is achieved through a DSL gateway that is wireless to a tower nearby that is hooked into fiber.

We have at times had a passthrough for RDP in the gateway for tech support but we have been careful to disable it whenever the issue was taken care of.

Recently the CEO asked me if it was possible that a former IT employee might be capable of surreptitiously accessing the network and reading the CEO's email.  The statement was made that the suspect knew way more about confidential goings-on in the company than they should.

I answered that I was not sure but that I would attempt to find out.

The few things I have read in the past lead me to believe that it is certainly possible.  If this is correct please respond with different ways that it might be accomplished and whatever recommendations you might have for hardening the network against such activity.  I suspect that we should be setting up auditing somewhere on one or more of these servers and monitoring them but I am uncertain which server I should begin with.

Also, if anyone can recommend a good security book that won't take the rest of my life to read or understand, I would be grateful.

All responses aiding a novice will be appreciated.
Thank You

3 Solutions

Wadski (IT Director) commented:

Regardless of what you have said above, it is illegal under US law for a former employee to do anything which allows him/her unauthorised access to your network or email.  If I were you I would suggest you ring your local law enforcement for advice.

The easiest way to access someone's mail is to get the email server to forward a copy to another address outside your network.  No need to hack anything - check your CEO's account.

I would speak to local law enforcement first though if your CEO is being serious.

Past admins can easily have access to your network. It is bad, very bad, for past admins/employees to leave disgruntled. I always advise companies to be on good terms with admins, even if they don't like them. They can get in through routers, firewalls, VNC, RDP, Linux, Windows, many ways. I'd change CEO passwords and all passwords to the system. Check logs for strange entries.

Keith Alabaster (Enterprise Architect) commented:
1. The first step would be an audit.
This may be something your colleagues are capable of doing, or you may want to get professional assistance for it.
Review the configuration of your external router and simply note the ports that are allowed to pass through.

2. Decide on what traffic you want to let through and decide on the security policy you are looking to enforce.

A simple mission statement approach is a starting point:
We wish to allow Internet access to all authorised internal staff for email use & browsing.
We wish to let authorised remote access from the Internet to specified machines for administrative purposes.
We wish to allow authorised staff to have secured remote access when working from home.

Purchase a firewall device such as a Cisco PIX or an equivalent type of device.
One by one, add the statements from your policy into Access Control Lists on the PIX.

Sounds simplistic but this will harden your scenario, block unwanted traffic, allow you to see what traffic is passing etc.
Someone on the inside sending data out? Much more difficult, though.
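As an added example (not code from the original thread), the audit-then-policy steps above can be turned into a repeatable check: the script below compares constructed gateway passthrough rules, like the RDP passthrough the question mentions, against the written policy statements and reports every rule the policy does not justify, plus every policy statement that has no rule behind it. The internal hosts, the vendor address and the rule format are assumptions.

```python
"""Constructed example: audit a gateway's port-forward rules against a written
access policy and flag rules the policy does not justify (e.g. a leftover RDP
passthrough open to the whole Internet, or an unused FTP server still reachable)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    proto: str    # "tcp" or "udp"
    port: int     # external port forwarded into the LAN
    target: str   # internal host the rule forwards to (assumed addresses)
    source: str   # permitted source: "any" or a specific IP/CIDR string


# The policy, as (proto, port, target) -> required source restriction.
# Addresses are placeholders; 203.0.113.0/24 is reserved documentation space.
POLICY = {
    ("tcp", 443, "10.0.0.10"): "any",             # customers submit forms over SSL
    ("tcp", 3389, "10.0.0.10"): "203.0.113.7",    # vendor RDP only from the vendor's address
    ("udp", 1194, "10.0.0.1"): "any",             # staff VPN for working from home
}

# Constructed snapshot of what the DSL gateway currently forwards.
GATEWAY_RULES = [
    Rule("tcp", 443, "10.0.0.10", "any"),
    Rule("tcp", 3389, "10.0.0.10", "any"),        # tech-support passthrough never closed
    Rule("tcp", 21, "10.0.0.10", "any"),          # the unused FTP server, still exposed
]


def audit(rules, policy=POLICY):
    """Return (rule, reason) pairs for rules the policy does not justify."""
    findings = []
    for r in rules:
        required = policy.get((r.proto, r.port, r.target))
        if required is None:
            findings.append((r, "not in policy"))
        elif required != "any" and r.source == "any":
            findings.append((r, f"policy requires source {required}, rule allows any"))
    return findings


def unimplemented(rules, policy=POLICY):
    """Return policy statements that no gateway rule currently implements."""
    present = {(r.proto, r.port, r.target) for r in rules}
    return [k for k in policy if k not in present]


if __name__ == "__main__":
    for rule, reason in audit(GATEWAY_RULES):
        print(f"FINDING {rule.proto}/{rule.port} -> {rule.target}: {reason}")
    for proto, port, target in unimplemented(GATEWAY_RULES):
        print(f"MISSING policy statement {proto}/{port} -> {target} has no rule")
```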
