asked on Prevents hacking from internal users
Hello
I need your opinions in this particular scenario
In my corporate there are several and adequate controls to prevent an intruder from Accessing the Corporate LAN. But as per recent security audit review, there is question about what if an internal user turned to be a hacker. Now every security Administrator may be facing the same issue. I think we can discuss and brainstorm this through the thread. I need to disscuss these
1. What all a user can do with L2 Secuirty - like intercepting packets in switch
2. How can he make use of the vulnerabilities in the user applications like Adobe, Word and server side exploits ( throgh open ports in client machines)
3. How can user attack Server Applications like AD, Exchange etc
4. If there is is file system encryption like MS EFS, can the hacker able to steal data
Thanks,
Anish
I need your opinions in this particular scenario
In my corporate there are several and adequate controls to prevent an intruder from Accessing the Corporate LAN. But as per recent security audit review, there is question about what if an internal user turned to be a hacker. Now every security Administrator may be facing the same issue. I think we can discuss and brainstorm this through the thread. I need to disscuss these
1. What all a user can do with L2 Secuirty - like intercepting packets in switch
2. How can he make use of the vulnerabilities in the user applications like Adobe, Word and server side exploits ( throgh open ports in client machines)
3. How can user attack Server Applications like AD, Exchange etc
4. If there is is file system encryption like MS EFS, can the hacker able to steal data
Thanks,
Anish
SecurityVulnerabilitiesOS SecurityNetwork Security
Last Comment
anishpeter
Does your network have VLANs set up for different user groups/devices? If not then that would definitely help out a lot. Just set it up to where all of your users and NAS/SAN are on specific VLANs that are appropriate for them. Then they won't be able to access the other devices because they will be completely cut off from them.
ASKER
I have the mentioned VLANS and Access List/Firewall rules all in place. Eventhough inside attacks is possible. More thoughts?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi Arnold,
Thanks for the response
I completely agree the action of a trusted user is not hacking but a threat. But it is happening
I ahve to address this,
first of all can you answer the other 2 issues
1.What all a user can do with L2 Secuirty - like intercepting packets in switch
4. If there is is file system encryption like MS EFS, can the hacker able to steal data
Thanks for the response
I completely agree the action of a trusted user is not hacking but a threat. But it is happening
I ahve to address this,
first of all can you answer the other 2 issues
1.What all a user can do with L2 Secuirty - like intercepting packets in switch
4. If there is is file system encryption like MS EFS, can the hacker able to steal data
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks Arnold and Qlemo.
You are right. Protection is at front door. I have it also. I have almost 25 user vlans and 2 layer of firewalls. Here problem is that the mischievies users is inside the house. and can reach the peers in his same vlan and can access mail, AD and ERP servers in designated ports.
Now I am confused about what is inside threat now. If a user has linux VM, meterpreter to exploit client side vulnerability of another system, what will I call it? is this i have to really worry? which layer i will address this issue - Network level or system or applicaions. pl comment
You are right. Protection is at front door. I have it also. I have almost 25 user vlans and 2 layer of firewalls. Here problem is that the mischievies users is inside the house. and can reach the peers in his same vlan and can access mail, AD and ERP servers in designated ports.
Now I am confused about what is inside threat now. If a user has linux VM, meterpreter to exploit client side vulnerability of another system, what will I call it? is this i have to really worry? which layer i will address this issue - Network level or system or applicaions. pl comment
You will "address this issue" at every possible layer - all kind of attacks are feasible. Obviously capturing ethernet traffic with encrypted content (SSL, internal IPSec connections, other encrypted communication) is useless without further investigation and hacking on a higher level. Reading email passwords for SMTP/POP3 is easy that way.
Still, capturing traffic at L2 (network) isn't easy, as the switch will only forward broadcast traffic to every port. In every other case only source and target devices see the traffic. If the attacker manages to "mirror" traffic to a server, however, they can get at something useful for them. Of course you would not allow them to e.g. install network capturing software on a server ...
Still, capturing traffic at L2 (network) isn't easy, as the switch will only forward broadcast traffic to every port. In every other case only source and target devices see the traffic. If the attacker manages to "mirror" traffic to a server, however, they can get at something useful for them. Of course you would not allow them to e.g. install network capturing software on a server ...
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
control your systems also
lock down users to operating system X
unless they can show a vaild need
then if they have to use linux
control where they can go
use the FW - setup zones - limit the 'pool' that the user plays in
sounds like you might know where the weaknesses already are...
lock em down
scan their machines for apps that are not approved
try NEXPOSE or other vulberabilty scanners or a Enterprise AV
they will find ' hacker' software
I support thousands of users
Windows plays togehter in nice small 'pools" vLans --whatever
other systems Linux, Unix, MAC are controlled much more tightly
then monitor everything and tell everyone you are monitoring
finally you may need to make an example out of 1 or 2 to shake others to their senses
lock down users to operating system X
unless they can show a vaild need
then if they have to use linux
control where they can go
use the FW - setup zones - limit the 'pool' that the user plays in
sounds like you might know where the weaknesses already are...
lock em down
scan their machines for apps that are not approved
try NEXPOSE or other vulberabilty scanners or a Enterprise AV
they will find ' hacker' software
I support thousands of users
Windows plays togehter in nice small 'pools" vLans --whatever
other systems Linux, Unix, MAC are controlled much more tightly
then monitor everything and tell everyone you are monitoring
finally you may need to make an example out of 1 or 2 to shake others to their senses
ASKER
Very healthy discussions