anishpeter asked:
Preventing hacking from internal users

Hello,
I need your opinions in this particular scenario.
In my corporation there are several adequate controls to prevent an intruder from accessing the corporate LAN. But as per a recent security audit review, there is a question about what if an internal user turns out to be a hacker. Now every security administrator may be facing the same issue. I think we can discuss and brainstorm this through the thread. I need to discuss these:
1. What all can a user do with L2 security, like intercepting packets in a switch?
2. How can he make use of the vulnerabilities in user applications like Adobe and Word, and server-side exploits (through open ports in client machines)?
3. How can a user attack server applications like AD, Exchange etc.?
4. If there is file system encryption like MS EFS, is the hacker able to steal data?

Thanks,
Anish
jdwheeler1981:

Does your network have VLANs set up for different user groups/devices?  If not then that would definitely help out a lot.  Just set it up to where all of your users and NAS/SAN are on specific VLANs that are appropriate for them.  Then they won't be able to access the other devices because they will be completely cut off from them.
anishpeter (asker):

I have the mentioned VLANs and access list/firewall rules all in place. Even so, inside attacks are possible. More thoughts?
anishpeter (asker):

Hi Arnold,
Thanks for the response.
I completely agree the action of a trusted user is not hacking but a threat. But it is happening.
I have to address this.
First of all, can you answer the other 2 issues:
1. What all can a user do with L2 security, like intercepting packets in a switch?
4. If there is file system encryption like MS EFS, is the hacker able to steal data?
anishpeter (asker):

Thanks Arnold and Qlemo.
You are right, protection is at the front door. I have it also. I have almost 25 user VLANs and 2 layers of firewalls. Here the problem is that the mischievous user is inside the house, and can reach the peers in his same VLAN and can access mail, AD and ERP servers on designated ports.
Now I am confused about what an inside threat is now. If a user has a Linux VM and meterpreter to exploit a client-side vulnerability of another system, what will I call it? Is this something I really have to worry about? At which layer will I address this issue: network level, system or applications? Please comment.
You will "address this issue" at every possible layer - all kind of attacks are feasible. Obviously capturing ethernet traffic with encrypted content (SSL, internal IPSec connections, other encrypted communication) is useless without further investigation and hacking on a higher level. Reading email passwords for SMTP/POP3 is easy that way.

Still, capturing traffic at L2 (network) isn't easy, as the switch will only forward broadcast traffic to every port. In every other case only source and target devices see the traffic. If the attacker manages to "mirror" traffic to a server, however, they can get at something useful for them. Of course you would not allow them to e.g. install network capturing software on a server ...
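Question 1 and the reply above both concern a user on the same VLAN getting at peers' traffic at L2. One defender-side check that fits that setting is to watch the ARP bindings seen on a user VLAN and alert when an IP changes MAC or one MAC starts answering for several IPs. This is an added example, not code from any participant in this thread; the ARP records are constructed, and it assumes you have already exported ARP replies as (timestamp, sender IP, sender MAC) tuples from whatever capture or switch logging you use.

```python
from collections import defaultdict

# Constructed sample of ARP replies seen on one user VLAN (not real capture data):
# (timestamp, sender_ip, sender_mac). .1 is the gateway for the VLAN.
SAMPLE_ARP_REPLIES = [
    (1, "10.10.5.1",  "00:11:22:33:44:01"),   # gateway announces its own MAC
    (2, "10.10.5.20", "00:11:22:33:44:20"),
    (3, "10.10.5.21", "00:11:22:33:44:21"),
    (4, "10.10.5.1",  "00:11:22:33:44:21"),   # gateway IP now claimed by .21's MAC
    (5, "10.10.5.20", "00:11:22:33:44:21"),   # .20 also claimed by that same MAC
    (6, "10.10.5.1",  "00:11:22:33:44:01"),   # real gateway answers again
]


def detect_arp_conflicts(replies, protected_ips=frozenset({"10.10.5.1"}), max_ips_per_mac=1):
    """Replay ARP replies in order and flag two things a defender cares about:
    - "binding-change": an IP whose MAC changes (peers' ARP caches may be poisoned)
    - "multi-ip-mac":  a MAC claiming more than max_ips_per_mac IPs on the VLAN
    Anything touching a protected IP (gateway, servers) is rated "high".
    Returns a list of (timestamp, kind, severity, detail) alerts."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            sev = "high" if ip in protected_ips else "medium"
            alerts.append((ts, "binding-change", sev, f"{ip}: {prev} -> {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            claimed = sorted(mac_to_ips[mac])
            sev = "high" if protected_ips.intersection(claimed) else "medium"
            alerts.append((ts, "multi-ip-mac", sev, f"{mac} claims {claimed}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(alert)
```

A MAC legitimately serving several IPs (a router with secondary addresses, a virtualisation host) needs a higher max_ips_per_mac or an allowlist, otherwise it will trip the second rule on every run.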
control your systems also

lock down users to operating system X
unless they can show a valid need
then if they have to use linux
control where they can go

use the FW - setup zones - limit the 'pool' that the user plays in

sounds like you might know where the weaknesses already are...
lock em down

scan their machines for apps that are not approved
try NEXPOSE or other vulnerability scanners or an Enterprise AV

they will find 'hacker' software

I support thousands of users
Windows plays together in nice small 'pools', VLANs, whatever

other systems Linux, Unix, MAC are controlled much more tightly

then monitor everything and tell everyone you are monitoring

finally you may need to make an example out of 1 or 2 to shake others to their senses
Very healthy discussions