nickster911

Network discovery and file sharing: could our data have been accessed?

We have a fairly serious problem, but are hoping (!) we might be ok. The situation is: we foolishly left a backup of highly sensitive data in a shared folder on a wireless network in our business park. The data has been sitting in this folder for two months. It's no secret that one of our competitors in the same park is very interested in this information and they've been on the network for several months now.

The settings on the relevant Windows Vista workstation: Network Discovery was 'off', and the Location Type was set to 'Public'. But the shared folder had read access for 'Everyone'.

Today, when we added a new laptop to this network, we saw the shared folder and could access this data. However, it's worth noting this laptop had accessed the Vista workstation many times when both machines were on another network and had mapped drives etc. from that period, so we're hoping the laptop could do this because it had prior knowledge of the Vista workstation.

Assuming the competitor is tech-savvy and motivated to obtain the information and has a history of this kind of behaviour - but: does not know the PC name for the Vista machine, and is fairly unlikely to know the IP address, how exposed have we been these past two months? The wireless network is private and WPA-enabled. Tell me all is ok! :D
nickster911

ASKER

I should also mention, the first thing this competitor will have done when joining the network two months back would have been to use all common means to investigate what was visible.
SOLUTION
Keith Alabaster
Thanks Keith.

I suppose the solution to this question needs to address two things. Firstly, how much protection is offered by Vista's Network Discovery = "off" and Location Type = "public"? Our current understanding is that the files could have been read by anyone authenticated on the network - and this is important: PROVIDING they knew the PC was present and then checked its shared folders. In theory the network users would not have known the PC was connected (we operate the central router) and would never have had reason to inspect its shared folders.

So the question is how much protection have those two settings been providing us? Enough to make it unlikely casual network users would ever notice?

Secondly - how could the workstation have been 'discovered' despite these settings, (e.g. please describe the simple IP broadcast technique), and we can simulate such an approach here and take a look at the consequences. Thanks.
Best to point out, this isn't a major corporate espionage scenario. We're a couple of guys 4yrs into a start-up, and a recent source code backup has been sitting there exposed in this shared folder. The business park has a couple of other start-up companies, who are competitors, and are tech-minded but who are certainly no network whizzes. Just website designers. So we'd feel comfortable if these two settings have protected us from cursory checks by other companies joining the shared network.

So again, under what circumstances would the data have been visible?
ASKER CERTIFIED SOLUTION
SOLUTION
Thanks for the laugh pwindell. It's a grey grey place when 4yrs of IP has been lying around through your own stupidity. One backup image in transit between your own machines back when you were the only one on the network, and you forget to clear out the share which for some (!?) reason was readable by "everyone". Startups have 100+ major issues to straighten out in their initial years, and in our case security took a back seat to every other daily matter.

I guess this thread will serve as a reminder that these things can and still do happen. From a technical viewpoint, pwindell and Keith's answers imply the network discovery and "public" location settings aren't worth a bar of soap in terms of security. Right?

@CSIP, I've downloaded the utility, we're attaching another brand new laptop to the network this weekend and will take a look at what the new laptop can see - I imagine that's what will be most telling. Your comment is currently the most useful, because you're giving us a practical means to assess this problem.

Well, adapt and survive I guess.
You aren't the first to do it and certainly won't be the last. You don't need three of us giving you three different products, all of which will pick out your box in fairly short order (AirMagnet, AngryIP and loads of others) and then there is a plethora of tools. Normally I wouldn't have worried about it for an afternoon but after months of being there....

<smiles> Like PWindell, I have enough points now that they are truly just for fun. Give them to CSIP, that's fine :)  These days I just answer the questions that are posed. I don't compete anymore.

I think I only looked at what questions were asked, and didn't complete anymore. Yea, some of the comments were to have a little fun. But I think the situation is pretty clear and everyone knows where it stands. Most everyone has probably had similar situations in varying degrees.
Just curious, this is a VISTA environment, but I don't see it any differently on a Windows 7 Ultimate or other upgraded environments. Working with friends in that setup and their environments, dealing with Network Discovery issues and Public versus Home (when homegroups are involved) pose any more risky issues.

Clearly just asking and definitely caring.

":0)  Asta
Seems to me the 'public location' settings do very little other than initialize the other security settings, which you can then go on to alter. In our case, we overrode the file and print sharing, and that's what's telling. Enable File Sharing and you should consider everything in your shared folders publicly available, esp. when shared with 'Everyone' :-/ The other settings are mostly irrelevant. With Network Discovery disabled, you can still be seen.

Lesson #1, is to treat the security from 'behind' with the same seriousness you treat the security on your deployed Production servers. We spent all our time locking down the compiled binaries etc. on our production box, we never noticed our raw source code was sitting there plain as day.

Lesson #2, grade your IP assets for the security needed, and the top-grade IP assets should never be stored in a shared folder, not even for a convenient transit. Keep track of where your backups are located.    

Thanks for the comments guys.
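
The thread's conclusion, that a workstation with File Sharing enabled can still be seen while Network Discovery is off, can be confirmed from a second machine you own. The Python sketch below is an added example, not part of the original thread; its function names are hypothetical, and it probes only the hosts you name on the Windows file-sharing TCP ports (445 and 139).

```python
import socket
import sys

# TCP ports used by Windows file sharing: 445 (SMB direct) and 139 (NetBIOS session).
SMB_PORTS = (445, 139)

def probe(host, port, timeout=1.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"      # the host answered, so it is up, but nothing listens here
    except OSError:
        return "filtered"    # timeout or unreachable: firewall drop or no such host

def check_host(host, ports=SMB_PORTS, timeout=1.0):
    """Probe every file-sharing port on one host you administer."""
    return {port: probe(host, port, timeout) for port in ports}

def assess(states):
    """Reduce per-port states to one verdict for the host."""
    seen = set(states.values())
    if "open" in seen:
        return "exposed"     # file sharing reachable; share permissions now decide access
    if "closed" in seen:
        return "visible"     # host reveals its presence, file sharing not reachable
    return "silent"          # nothing answered on these ports

if __name__ == "__main__":
    # Usage: python smb_check.py <address of your own workstation> [...]
    for host in sys.argv[1:]:
        states = check_host(host)
        print(host, states, "->", assess(states))
```

Run it from another machine on the same network against the workstation's address. An `exposed` verdict means the file-sharing service answers regardless of the Network Discovery setting, so the share's permissions are the only remaining control.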