Ways to exploit a simple network?

I have a simple network as per diagram below.

Assuming my public IP address is known to the intruder, what ways could one use to gain access to my network and use a browser to visit websites whilst masked by my IP address?

There are no firewalls or AV present, ports 70, 80, 443, 3389, 25, 21 are open.
Who is Participating?

Improve company productivity with a Business Account.Sign Up

CompProbSolvConnect With a Mentor Commented:
One possibility is to connect to your terminal server and then go back out on the internet from a browser running on it.  One would need to know (or guess) an appropriate login name and password to accomplish that.

To follow on Korbus's answer, if you were browsing and were not well protected nor careful enough, you could have software installed on your computer without being aware of it.  Someone from the outside could route their packets through the software such that their browsing of the internet appears to originate from your site.

Another possibility is to connect to your wireless (if physically close enough) and then browse the internet from there.
If your users browse the internet,  you must protect your workstations from infection.  Simply going to the wrong website without the proper, fully updated, AV software can compromise your system.  Once this is done, and you have a compromised system on your network, your network can no longher be considered secure.

This is the most common way I have seen networks compromizsed.
cgruberAuthor Commented:
Thanks. How does this relate to my question though?

I want to know how someone outside the LAN could access my network to use a browser, to browse websites.
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

What are you concerned about people accessing in your network? If your terminal server was compromised then they could access it and browse from there, if terminal services are published to the outside.

For someone to get in, they would have to compromise your router or TS server. Router is not very likely unless you have a crap password. If the ts sever is patched and secured correctly you should be safe.
Well, lets say one of your workstations is compromised by hostile software.  Once the system is comprimised, it could allow an attacker to take full MANUAL control of the system.  
It would do this by reach OUT through your firewall to the attacker.  
Once controlling your workstation through the outbound hole it makes in the firewall, the attacker could then use this to browse the web from that system, or even use it as a source to hack other systems.

Is that clear?  Or do you want more details?
R. Andrew KoffronCommented:
hmm, sounds like a Hacker101 question.

I'd recommend reading up on security best practices. work this problem backwards, this isn't a hacker school and I imagine I'm not the only person that isn't completely comfortable spewing out a bunch of info that could be used for nefarious purposes. (not to imply that's your intent).

get a firewall with Intrusion detection, close all ports not needed.

If there's no firewall how is there a list of open ports. an exposed network will have many ports open.

while not a firewall a simple router is actually a pretty good stop-gap against any amateur
cgruberAuthor Commented:
CompProbSolv: Thanks for the answer, it is the most appropriate out of all.

In reality, how difficult would it be to guess a regular TS password? eg: John000
The same question applies to connecting to wifi physically.
cgruberAuthor Commented:
Korbus: Thats clear. However my question relates to gaining access from outside, without help from inside the LAN (such as software to compromise security being accessed by a user on the LAN).

For this purpose, the LAN/Office is unattended - PCs are turned on but not used by anyone.
ryan80Connect With a Mentor Commented:
It depends on how your AD is configured. If you lockout accounts after a number of tried, as long as you have complexity to your passwords you should be safe. For Wi-Fi use wpa2.

For what you are doing, a router will do just as well as a firewall.

Most attacks are based off of compromising an internal computer and then launching from there. It is just easier to get a compromised computer than brute attack a network.  If you are only publishing a ts login then you should be safe. Of course base your security off of the value of your data.
KorbusConnect With a Mentor Commented:
My real world experience:

I was administerting a network that was subject to brute force Terminal Server attacks.  They were never able to get in, our passwords were simply too strong.  Not wanting to press our luck, we eventually changed our terminal server port to a custom value, which was a pain for users, but it hid us from further attacks.  (Microsoft does NOT have software in teminal server to detect this type of attack, and to a firewall it would look like normal terminal-sever traffic.)

"Port Scanning" is a tequnique they might have tried to find our new TS port, where they basically try talking to all ports and see what reply they get,  but some advanced firewalls can detect and block IP's exhibiting this behavior.
cgruberAuthor Commented:
Thanks. You say: "It is just easier to get a compromised computer than brute attack a network."

What are the most common ways one would attempt to compromise a computer?

Are keyloggers still used, or thats just old technique?
cgruberAuthor Commented:
Thanks Korbus, that is good info. Although I would imagine a password such as John000 would be relatively simple to crack using brute force.
For cracking passwords they need to be able to run the possibilities, so if ad locks the account after a number of failed attempts that will prevent this. Realistically you don't have to worry about this as long as there is a lockout and some kind of complexity.

Most common way to compromise a computer is by the user. Have them download a virus through email or a site. That is how RSA was hacked. It isn't worth the time off an attacker to find a vulnerability in the public facing infrastructure instead of getting a user to click on something, most of the time.
Time and time again, users will be the weak point in security. If you were to do a spear fishing attack test, you would probably be shocked by the results. It is always surprising how many people will enter their username and password into a site that looks similar to what they expect.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.