bsharath asked:

When a laptop of a different domain with no user credentials of the connected domain is connected, what all can he do?

Hi,

When a laptop of a different domain with no user credentials of the connected domain is connected, what all can he do?
What all will he be able to access?
He will automatically get an IP address; other than that, what level of access will he have?

Regards
Sharath
This is truly a security question, and would more likely have gotten more answers, with more details, if it were lodged with security as the category.
Little is known about your environment. Depending on the size of the organization and how well it is funded, security is almost always considered of least importance.
My base scenario is out-of-the-box security, giving you an overall picture of the security impact of providing a local IP.
With an IP, a system can have access to the Internet and search for shares; shares opened up by users often do not have any security implementation. He is likely able to print directly to the printer if the printer is network connected. He is able to run scans on your entire network, and he is able to grab and gather network packet information that is not encrypted.
Allowing a computer that is not part of your network onto your computer network opens you up to security vulnerabilities that you cannot control.
On a scale of one to 10, the security impact can be as high as 10 with out-of-the-box security. A domain login may control the resources of your domain, but this PC is not under your control. It can do anything it wants.
bsharath (ASKER):

Ok, thanks a lot...
If the domain user creates a share with Everyone full access, can the laptop that is outside the domain access the folder content?
I can't add to that :-)
http://64.233.169.104/search?q=cache:jk1sTRGUkiYJ:www.jeremiad.org/downloads/Why%2520DHCP%2520Deserves%2520More%2520Love%2520(release).odt+non-domain+IP+security+risk+XP&hl=en&ct=clnk&cd=17&gl=us

Malicious uses of DHCP


Using DHCP, an attacker who sets up a malicious DHCP server onsite can alter the IP addressing and subnetting, DNS, and routing on any host, allowing the attacker to manipulate this potentially with no knowledge by (or visible disruption to) the user. At the very least, this would allow an intruder to cause massive disruption to a network as client computers had DHCP leases expire and were issued new leases by a rogue DHCP server, causing a total loss of connectivity.


This specific issue in itself is something which we can see has undergone consideration by Microsoft at one level - DHCP servers in a Windows domain require authorisation, a process by which a DHCP server which is a member of the Windows network is, essentially, told that it is not allowed to run until it is successfully registered with the central list of authorised DHCP servers, preventing to some degree a malicious or incompetent administrator from causing this sort of disruption through use of a Windows server which is a member of the domain on the network. This measure alone, however, does not (and necessarily cannot) protect against a Windows DHCP server (or any other, for that matter) which is not part of the domain, and is a basic security measure designed to guard against a casual attack or mistake at best, and relies upon the good intentions of the DHCP server process in obeying the instructions of the server telling it not to operate, and the good administration of the network, as a malicious administrator may well have access to authorise his own DHCP server (or simply disjoin the server from the domain).


Not all issues with DHCP even arise from the risk posed by servers - another potential Denial of Service attack could result from clients. Most DHCP servers have no mechanism designed to protect against a client taking out multiple DHCP leases with faked MAC addresses. Any client doing this could effectively negate any other clients from joining onto the network by taking out a large number of leases, as there would be no available network addresses to allocate the new hosts. This is an attack which is also relatively simple to carry out (although slightly more complicated than the attack mentioned above).


In a demonstration in November of 2005 for an audience at the British Computing Society in Dundee based on a pre-publication version of this talk, the author chose to do this with no more than the 'ifconfig' command in Linux, the Internet Systems Consortium DHCP Client (dhclient), and a simple bash script. The choice to use these was made ostensibly to demonstrate the ubiquitous and non-unique nature of the software required to abuse DHCP.

Thanks JSoup
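
A defender-side sketch of spotting the two conditions described in the quoted text: replies from a DHCP server that is not on the authorised list, and a single access port asking for leases under many different MAC addresses. This is an added example, not part of the original posts or the quoted document; the event tuple format, port names, addresses, allow-list and thresholds are constructed assumptions.

```python
from collections import defaultdict

AUTHORISED_SERVERS = {"10.0.0.2"}   # assumed allow-list of DHCP server IPs
MAX_MACS_PER_PORT = 5               # assumed threshold of distinct MACs per window
WINDOW_SECONDS = 60                 # assumed observation window

# Constructed events: (time_s, switch_port, message_type, client_mac, server_ip)
SAMPLE_EVENTS = (
    [(0, "Gi0/1", "DISCOVER", "00:11:22:33:44:55", None),
     (1, "Gi0/24", "OFFER", "00:11:22:33:44:55", "10.0.0.2"),
     (2, "Gi0/7", "OFFER", "00:11:22:33:44:55", "10.0.0.66")]   # unlisted server
    + [(10 + i, "Gi0/9", "DISCOVER", f"02:00:00:00:00:{i:02x}", None)
       for i in range(20)]                                      # many MACs, one port
)

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}
CLIENT_MESSAGES = {"DISCOVER", "REQUEST"}

def find_rogue_servers(events, authorised=AUTHORISED_SERVERS):
    """Return {server_ip: ports seen on} for server replies from unlisted IPs."""
    rogue = defaultdict(set)
    for _, port, mtype, _, server in events:
        if mtype in SERVER_MESSAGES and server not in authorised:
            rogue[server].add(port)
    return dict(rogue)

def find_lease_exhaustion(events, limit=MAX_MACS_PER_PORT, window=WINDOW_SECONDS):
    """Return {port: peak distinct MACs} for ports where more than `limit`
    distinct MACs requested leases inside any `window`-second span."""
    by_port = defaultdict(list)
    for t, port, mtype, mac, _ in sorted(events, key=lambda e: e[0]):
        if mtype in CLIENT_MESSAGES:
            by_port[port].append((t, mac))
    flagged = {}
    for port, reqs in by_port.items():
        start = 0
        for end in range(len(reqs)):
            # Slide the window start forward until the span is under `window`.
            while reqs[end][0] - reqs[start][0] >= window:
                start += 1
            macs = {mac for _, mac in reqs[start:end + 1]}
            if len(macs) > limit:
                flagged[port] = max(flagged.get(port, 0), len(macs))
    return flagged
```

Managed switches offer the same two controls natively as DHCP snooping (trusted server ports) and port security (a cap on MAC addresses per port).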