Hacking through a firewall - How might it be accomplished?

Posted on 2006-05-07
Last Modified: 2013-12-04
I am a relative novice at Security.  I know enough to ensure that an active firewall is up, disabling unnecessary services, ensuring OS and application patch updates take place and that Antivirus (Norton) and Antispyware (MS Antispyware Beta) are running.

I have been working for the last 6 months in a small company with 5 Windows 2000 servers (webserver with access over SSL to customers for submitting forms into database which is also acting as a Globalscape FTP server, SQL database server, transaction server, FileServer, and an unused FTP Server), a proprietary SQL Medical database application, 12-13 desktop clients running either Win2k or XP, and a woefully understaffed IT situation that was neglected for far too long. Each server is running at the same level/layer as the other servers behind the gateway. We have a new Dell 48 port 1gb managed switch.  I have as yet been unable to do a complete audit of running services on all of the machines.

I was brought in initially to do website work, some Access DB work and write a visual basic program for remapping some data in batch files so that they could be submitted into the proprietary database.

This is a peer to peer network where almost every client is being accessed by an Administrative account (I've already pushed numerous times to convert to a domain network and recommended that administrative accounts should not be logged into by users).  We have changed passwords on all Server Admin accts 2 months ago.  The network is not wireless (wired) but the internet access is achieved through a DSL gateway that is wireless to a tower nearby that is hooked into fiber.

We have at times had a passthrough for RDP in the gateway for tech support but we have been careful to disable it whenever the issue was taken care of.

Recently the CEO asked me if it was possible that a former IT employee might be capable of surreptitiously accessing the network and reading the CEO's email.  The statement was made that the suspect knew way more about confidential goings on in the company than they should.

I answered that I was not sure but that I would attempt to find out.

The few things I have read in the past lead me to believe that it is certainly possible.  If this is correct please respond with different ways that it might be accomplished and whatever recommendations you might have for hardening the network against such activity.  I suspect that we should be setting up auditing somewhere on one or more of these servers and monitoring them but I am uncertain which server I should begin with.

Also if anyone can recommend a good security book that won't take the rest of my life to read or understand, I would be grateful.

All responses aiding a novice will be appreciated.
Thank You

Question by:tometh
    LVL 16

    Accepted Solution


    Regardless of what you have said above it is illegal in US law for a former employee to do anything which allows him/her unauthorised access to your network or email.  If I was you I would suggest you ring your local law enforcement for advice.

    The easiest way to access someone's mail is to get the email server to forward a copy to another address outside your network.  No need to hack anything - check your CEO's account.

    I would speak to local law enforcement first though if your CEO is being serious.

    LVL 2

    Assisted Solution

    Past admins can easily have access to your network. It is bad, very bad, for past admins / employees to leave disgruntled. I always advise companies to be on good terms with admins, even if they don't like them. They can get in through routers, firewalls, VNC, RDP, Linux, Windows, many ways. I'd change CEO passwords and all passwords to the system. Check logs for strange entries.

    LVL 51

    Assisted Solution

    by:Keith Alabaster
    1. The first steps would be an audit.
    This may be something your colleagues are capable of doing; you may want to get professional assistance for it.
    Review the configuration of your external router and simply note the ports that are allowed to pass through.

    2. Decide on what traffic you want to let through and decide on the security policy you are looking to enforce.

    A simple mission statement approach is a starting point:
    We wish to allow Internet access to all authorised internal staff for email use & browsing.
    We wish to let authorised remote access from the Internet to specified machines for administrative purposes.
    We wish to allow authorised staff to have secured remote access when working from home.

    Purchase a firewall device such as a Cisco PIX or equivalent type device.
    One by one add the statements from your policy into Access Control Lists on the PIX.

    Sounds simplistic but this will harden your scenario, block unwanted traffic, allow you to see what traffic is passing etc.
    Someone on the inside sending data out? Much more difficult though.
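
The audit-then-policy steps in the answer above can be checked mechanically. The following is an added example, not part of any post in this thread: it compares the inbound forwards noted from the gateway against an allowlist written from the policy statements and reports anything the policy does not cover. The rule text format, host names and addresses are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str
    port: int
    source: str   # "any" or a single address, as noted from the router
    dest: str     # internal host the port is forwarded to

# Constructed sample: inbound forwards written down during the router review.
FORWARDS_TEXT = """\
tcp 443  any           webserver    # SSL forms for customers
tcp 21   any           webserver    # Globalscape FTP
tcp 21   any           ftp-unused   # server nobody uses
tcp 3389 any           fileserver   # RDP passthrough left enabled
tcp 1433 203.0.113.10  sqlserver
"""

# Allowlist derived from the policy statements (hypothetical values):
# (proto, port, dest) -> sources permitted to reach it. Everything else is denied.
POLICY = {
    ("tcp", 443, "webserver"): {"any"},
    ("tcp", 21, "webserver"): {"any"},
    ("tcp", 3389, "fileserver"): {"198.51.100.7"},  # named admin address only
}

def parse_forwards(text):
    """Parse 'proto port source dest' lines, ignoring comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        proto, port, source, dest = line.split()
        rules.append(Rule(proto.lower(), int(port), source, dest))
    return rules

def audit(rules, policy):
    """Return (rule, reason) for every forward the policy does not permit."""
    findings = []
    for r in rules:
        allowed = policy.get((r.proto, r.port, r.dest))
        if allowed is None:
            findings.append((r, "not in policy: remove the forward"))
        elif r.source not in allowed:
            findings.append((r, f"source {r.source} not permitted; policy allows {sorted(allowed)}"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit(parse_forwards(FORWARDS_TEXT), POLICY):
        print(f"{rule.proto}/{rule.port} -> {rule.dest} from {rule.source}: {reason}")
```

Rerunning the comparison after each support session catches a temporary passthrough that was never switched off again.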

