Network discovery and file sharing: could our data have been accessed?

We have a fairly serious problem, but are hoping (!) we might be ok. The situation is: we foolishly left a backup of highly sensitive data in a shared folder on a wireless network in our business park. The data has been sitting in this folder for two months. It's no secret that one of our competitors in the same park is very interested in this information and they've been on the network for several months now.

The settings on the relevant Windows Vista workstation: Network Discovery was 'off', and the Location Type was set to 'Public'. But the shared folder had read access for 'Everyone'.

Today, when we added a new laptop to this network, we saw the shared folder and could access this data. However, it's worth noting this laptop had accessed the Vista workstation many times when both machines were on another network and had mapped drives etc. from that period, so we're hoping the laptop could do this because it had prior knowledge of the Vista workstation.

Assuming the competitor is tech-savvy and motivated to obtain the information and has a history of this kind of behaviour - but: does not know the PC name for the Vista machine, and is fairly unlikely to know the IP address, how exposed have we been these past two months? The wireless network is private and WPA-enabled. Tell me all is ok! :D
nickster911Asked:
Who is Participating?
 
CSIPComputingCommented:
Use a uitlity such as "Angry IP Scanner" on your network, to see if this suspect vista box shows up in that scan.

That will tell you if a casual IP scan would have shown up the Vista machine you are worried about.

Bear in mind this is a *casual* scan, i.e. something used "just to have a look around"!
0
 
nickster911Author Commented:
I should also mention, the first thing this competitor will have done when joining the network two months back would have been to use all common means to investigate what was visible.
0
 
Keith AlabasterEnterprise ArchitectCommented:
The obvious answer is completely exposed. Whether the competition is tech-savvy or not is immaterial, the fact that the data was on the network with just a WPA key protecting it means that anyone could have gained access when in range of the wireless access point.

If the competition - or anyone that may have an interest in your data - was that unscrupulous then they could well have approached someone in your outfit who knew the password. A simple ip broadcast would provide responses from active devices on the subnet and then it is quite simple to get the data itself as read-only rights were assigned to the EVERYONE group.



0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
nickster911Author Commented:
Thanks Keith.

I suppose the solution to this question needs to address two things. Firstly, how much protection is offered by Vista's Network Discovery = "off" and Location Type = "public"? Our current understanding is that the files could have been read by anyone authenticated on the network - and this is important: PROVIDING they knew the PC was present and then checked its shared folders. In theory the network users would not have known the PC was connected (we operate the central router) and would never have had reason to inspect its shared folders.

So the question is how much protection have those two settings been providing us? Enough to make it unlikely casual network users would ever notice?

Secondly - how could the workstation have been 'discovered' despite these settings, (e.g. please describe the simple IP broadcast technique), and we can simulate such an approach here and take a look at the consequences. Thanks.
0
 
nickster911Author Commented:
Best to point out, this isn't a major corporate espionage scenario. We're a couple of guys 4yrs into a start-up, and a recent source code backup has been sitting there exposed in this shared folder. The business park has a couple of other start-up companies, who are competitors, and are tech-minded but who are certinaly no network whizzes. Just website designers. So we'd feel comfortable if these two settings have protected us from cursory checks by other company's joining the shared network.

So again, under what circumstances would the data have been visible?
0
 
pwindellCommented:
Let's summarize this,...it isn't that complex.

1. It was exposed and read-only access was open to the public

2. The Wireless network was open to other people, and other people were in fact on the network  (wireless -vs- wired is irrelevant,...and network is a network,..if people are on it, then they are on it)

3. If anyone saw the machine, found the share, found the file,...then they saw it,...they just saw it,...end of story.  There was nothing in place to prevent them from seeing it other then the random chance that they may have or not have stumbled onto it.  No one has to be network savvy to find it,...a complete idiot could have just as easily stumbled onto it. The Janitor probably could have stumbled onto it with his iPAD sitting on a bucket in the broom closet on his break while checking out Internet porn.

4. The Network Discovery thing is totally irrelevant for the most part
0
 
nickster911Author Commented:
Thanks for the laugh pwindell. It's a grey grey place when 4yrs of IP has been lying around through your own stupidity. One backup image in transit between your own machines back when you were the only one on the network, and you forget to clear out the share which for some (!?) reason was readable by "everyone". Startups have 100+ major issues to straighten out in their initial years, and in our case security took a back seat to every other daily matter.

I guess this thread will serve as a reminder that these things can and still do happen. From a technical viewpoint, pwindell and keith's answers imply the network discovery and "public" location settings aren't worth a bar of soap in terms of security. Right?

@CSIP, I've downloaded the utility, we're attaching another brand new laptop to the network this weekend and will take a look at what the new laptop can see - I imagine that's what will be most telling. Your comment is currently the most useful, because you're giving us a practical means to assess this problem.

Well, adapt and survive I guess.
0
 
Keith AlabasterEnterprise ArchitectCommented:
You aren't the first to do it and certainly won't be the last. You don't need three of us giving you three different products, all of which will pick out your box in fairly short order (AirMagnet, AngryIP and loads of others) and then there is plethora of tools. Normally I wouldn't have worried about it for an afternoon but after months of being there....

<smiles> Like PWindell, I have enough points now that they are truly just for fun. Give them to CSIP, that's fine :)  These days I just answer the questions that are posed. I don't compete anymore.

0
 
pwindellCommented:
I think I only looked at what questions were asked, and didn't complete anymore.  Yea, some of the comments were to haveit a little fun.  But I think the situation is pretty clear and everyone knows where it stands.  Most everyone has probably had similar situations in varying degrees.
0
 
Asta CuTechnical consultant & graphic designCommented:
Just curious, this is a VISTA envrionment, but I don't see it any differently on a Windows 7 Ultimate or other upgraded  envrionments.  Working with friends in that setup and their environments, dealing with Network Discovery issues and Public versus Home (when homegroups are involved) pose any more risky issues.  

Clearly just asking and definitely caring.

":0)  Asta
0
 
nickster911Author Commented:
Seems to me the 'public location' settings do very little other than initialize the other security settings, which you can then go on to alter. In our case, we overrode the file and print sharing, and that's what's telling. Enable File Sharing and you should consider everything in your shared folders publicly available, esp. when shared with 'Everyone' :-/ The other settings are mostly irrelevant. With Network Discovery disabled, you can still be seen.

Lesson #1, is to treat the security from 'behind' with the same seriousness you treat the security on your deployed Production servers. We spent all our time locking down the compiled binaries etc. on our production box, we never noticed our raw source code was sitting there plain as day.

Lesson #2, grade your IP assets for the security needed, and the top-grade IP assets should never be stored in a shared folder, not even for a convenient transit. Keep track of where your backups are located.    

Thanks for the comments guys.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.