anishpeter asked:

Preventing hacking by internal users

Hello,
I need your opinions on this particular scenario.
In my corporation there are several adequate controls to prevent an intruder from accessing the corporate LAN. But as per a recent security audit review, there is a question about what happens if an internal user turns out to be a hacker. Every security administrator may be facing the same issue. I think we can discuss and brainstorm this through the thread. I need to discuss these:
1. What can a user do with L2 security, like intercepting packets in a switch?
2. How can he make use of vulnerabilities in user applications like Adobe and Word, and server-side exploits (through open ports on client machines)?
3. How can a user attack server applications like AD, Exchange, etc.?
4. If there is file system encryption like MS EFS, can the hacker still steal data?

Thanks,
Anish
Tags: Security, Vulnerabilities, OS Security, Network Security

Last comment: anishpeter, 8/22/2022 (Mon)
jdwheeler1981

Does your network have VLANs set up for different user groups/devices? If not, then that would definitely help out a lot. Just set it up so that all of your users and NAS/SAN are on specific VLANs that are appropriate for them. Then they won't be able to access the other devices, because they will be completely cut off from them.
anishpeter

ASKER
I have the mentioned VLANs and access lists/firewall rules all in place. Even so, inside attacks are possible. More thoughts?
SOLUTION (arnold): this solution is only available to members.
anishpeter

ASKER
Hi Arnold,
Thanks for the response.
I completely agree that the action of a trusted user is not hacking but a threat. But it is happening, and I have to address this.
First of all, can you answer the other 2 issues:
1. What can a user do with L2 security, like intercepting packets in a switch?
4. If there is file system encryption like MS EFS, can the hacker still steal data?
SOLUTION (Qlemo): this solution is only available to members.
SOLUTION (arnold): this solution is only available to members.
anishpeter

ASKER
Thanks Arnold and Qlemo.
You are right. Protection is at the front door. I have it also. I have almost 25 user VLANs and 2 layers of firewalls. The problem here is that the mischievous user is inside the house, can reach the peers in his same VLAN, and can access the mail, AD and ERP servers on the designated ports.
Now I am confused about what the inside threat is. If a user has a Linux VM and Meterpreter to exploit a client-side vulnerability of another system, what will I call it? Is this something I really have to worry about? At which layer will I address this issue: network level, system, or applications? Please comment.
Qlemo

You will "address this issue" at every possible layer; all kinds of attacks are feasible. Obviously, capturing Ethernet traffic with encrypted content (SSL, internal IPsec connections, other encrypted communication) is useless without further investigation and hacking at a higher level. Reading email passwords for SMTP/POP3 is easy that way.

Still, capturing traffic at L2 (network) isn't easy, as the switch will only forward broadcast traffic to every port. In every other case only the source and target devices see the traffic. If the attacker manages to "mirror" traffic to a server, however, they can get at something useful for them. Of course you would not allow them to e.g. install network capturing software on a server ...
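On a switched LAN the usual way an insider gets at a peer's unicast traffic (question 1 above) is ARP cache poisoning: he answers ARP for the gateway and for the victim so the switch delivers both sides of the conversation to his port, then relays it. The following Python script is an added example for this thread, not code posted by any participant. It applies the same three checks a switch's Dynamic ARP Inspection feature applies, but offline, to ARP replies seen on a monitoring (SPAN) port: a binding that contradicts a trusted static list or the first-learned MAC, one MAC answering for several IPs, and an Ethernet source MAC that differs from the ARP sender address. The record format, the sample lines and the TRUSTED_BINDINGS list are constructed for the example.

```python
"""ARP-poisoning detector for a switched-LAN monitoring feed.

Added example for this thread, not code from any participant.
Assumptions: replies arrive as text lines in a simplified tcpdump-like
format "<time> <frame src MAC> ARP, Reply <ip> is-at <mac>" (constructed
here); TRUSTED_BINDINGS is a hypothetical static list of known gateway
and server addresses, the same idea as the static ACL a switch's Dynamic
ARP Inspection feature consults before trusting a reply.
"""
import re
from collections import defaultdict

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) (?P<src_mac>[0-9a-f:]{17}) ARP, Reply "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at (?P<mac>[0-9a-f:]{17})$"
)

# Constructed sample: a trusted gateway (10.0.5.1), a victim (10.0.5.20),
# a bystander (10.0.5.21) and an attacker whose NIC is 00:11:22:33:44:99.
CLEAN_SAMPLE = """\
10:00:01 00:11:22:33:44:01 ARP, Request who-has 10.0.5.1 tell 10.0.5.20
10:00:01 00:11:22:33:44:fe ARP, Reply 10.0.5.1 is-at 00:11:22:33:44:fe
10:00:02 00:11:22:33:44:02 ARP, Reply 10.0.5.21 is-at 00:11:22:33:44:02
"""
# The attacker claims the gateway and the victim (classic MITM), repeats
# the claim, then forges a reply whose sender field is not his own NIC.
POISONED_SAMPLE = CLEAN_SAMPLE + """\
10:00:05 00:11:22:33:44:99 ARP, Reply 10.0.5.1 is-at 00:11:22:33:44:99
10:00:05 00:11:22:33:44:99 ARP, Reply 10.0.5.20 is-at 00:11:22:33:44:99
10:00:06 00:11:22:33:44:99 ARP, Reply 10.0.5.1 is-at 00:11:22:33:44:99
10:00:07 00:11:22:33:44:99 ARP, Reply 10.0.5.21 is-at 00:11:22:33:44:02
"""

TRUSTED_BINDINGS = {"10.0.5.1": "00:11:22:33:44:fe"}  # hypothetical static list


def parse_arp_replies(text):
    """Return one dict (ts, src_mac, ip, mac) per ARP reply; other lines are skipped."""
    replies = []
    for line in text.splitlines():
        m = ARP_REPLY.match(line.strip())
        if m:
            replies.append(m.groupdict())
    return replies


def detect_arp_poisoning(replies, trusted=None):
    """Apply three DAI-style checks to a sequence of parsed ARP replies.

    Returns (kind, ts, detail) tuples; each (kind, key) is reported once.
      binding-conflict   an IP is claimed by a MAC other than the trusted
                         (or, failing that, first-learned) one
      one-mac-many-ips   one MAC answers for several IPs, i.e. the attacker
                         impersonating gateway and victim at the same time
      src-mac-mismatch   Ethernet source MAC differs from the ARP sender
                         hardware address (forged sender field)
    """
    trusted = dict(trusted or {})
    learned = {}               # ip -> MAC first seen answering for it
    claims = defaultdict(set)  # MAC -> set of IPs it has claimed
    reported = set()
    findings = []

    def report(kind, key, ts, detail):
        if (kind, key) not in reported:
            reported.add((kind, key))
            findings.append((kind, ts, detail))

    for r in replies:
        ts, src, ip, mac = r["ts"], r["src_mac"], r["ip"], r["mac"]
        if src != mac:
            report("src-mac-mismatch", (src, ip, mac), ts,
                   f"frame from {src} says {ip} is-at {mac}")
        # A trusted entry always wins; otherwise the first answer is learned.
        expected = trusted.get(ip) or learned.setdefault(ip, mac)
        if mac != expected:
            report("binding-conflict", (ip, mac), ts,
                   f"{ip} expected at {expected}, now claimed by {mac}")
        claims[mac].add(ip)
        if len(claims[mac]) > 1:
            report("one-mac-many-ips", mac, ts,
                   f"{mac} answers for {sorted(claims[mac])}")
    return findings


if __name__ == "__main__":
    for kind, ts, detail in detect_arp_poisoning(
            parse_arp_replies(POISONED_SAMPLE), TRUSTED_BINDINGS):
        print(f"{ts} {kind:18} {detail}")
```

Note the weakness of learning: the victim 10.0.5.20 is first seen answering from the attacker's MAC, so that claim alone raises nothing; it is the gateway conflict against the trusted list and the one-MAC-many-IPs pattern that expose it. That is also why the real fix belongs on the switch (DHCP snooping plus Dynamic ARP Inspection, which drops the forged replies at the access port) rather than in after-the-fact monitoring; this script is for spotting the attack on networks where that is not yet enabled.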
ASKER CERTIFIED SOLUTION (arnold): this solution is only available to members.
DarinTCH

Control your systems also.

Lock down users to operating system X
unless they can show a valid need;
then if they have to use Linux,
control where they can go.

Use the FW: set up zones, limit the 'pool' that the user plays in.

Sounds like you might know where the weaknesses already are...
lock 'em down.

Scan their machines for apps that are not approved.
Try NEXPOSE or other vulnerability scanners or an enterprise AV.

They will find 'hacker' software.

I support thousands of users.
Windows plays together in nice small 'pools', VLANs, whatever.

Other systems (Linux, Unix, Mac) are controlled much more tightly.

Then monitor everything and tell everyone you are monitoring.

Finally, you may need to make an example out of 1 or 2 to shake others to their senses.
anishpeter

ASKER
Very healthy discussion.