Solved

Ways to exploit a simple network?

Posted on 2014-01-05
14
524 Views
Last Modified: 2014-01-05
I have a simple network as per diagram below.

Assuming my public IP address is known to the intruder, what ways could one use to gain access to my network and use a browser to visit websites whilst masked by my IP address?

There are no firewalls or AV present, ports 70, 80, 443, 3389, 25, 21 are open.
setup.jpg
0
Comment
Question by:cgruber
  • 5
  • 4
  • 3
  • +2
14 Comments
 
LVL 10

Expert Comment

by:Korbus
ID: 39757743
If your users browse the internet,  you must protect your workstations from infection.  Simply going to the wrong website without the proper, fully updated, AV software can compromise your system.  Once this is done, and you have a compromised system on your network, your network can no longher be considered secure.

This is the most common way I have seen networks compromizsed.
0
 

Author Comment

by:cgruber
ID: 39757744
Thanks. How does this relate to my question though?

I want to know how someone outside the LAN could access my network to use a browser, to browse websites.
0
 
LVL 12

Expert Comment

by:ryan80
ID: 39757761
What are you concerned about people accessing in your network? If your terminal server was compromised then they could access it and browse from there, if terminal services are published to the outside.

For someone to get in, they would have to compromise your router or TS server. Router is not very likely unless you have a crap password. If the ts sever is patched and secured correctly you should be safe.
0
 
LVL 10

Expert Comment

by:Korbus
ID: 39757762
Well, lets say one of your workstations is compromised by hostile software.  Once the system is comprimised, it could allow an attacker to take full MANUAL control of the system.  
It would do this by reach OUT through your firewall to the attacker.  
Once controlling your workstation through the outbound hole it makes in the firewall, the attacker could then use this to browse the web from that system, or even use it as a source to hack other systems.


Is that clear?  Or do you want more details?
0
 
LVL 20

Accepted Solution

by:
CompProbSolv earned 167 total points
ID: 39757764
One possibility is to connect to your terminal server and then go back out on the internet from a browser running on it.  One would need to know (or guess) an appropriate login name and password to accomplish that.

To follow on Korbus's answer, if you were browsing and were not well protected nor careful enough, you could have software installed on your computer without being aware of it.  Someone from the outside could route their packets through the software such that their browsing of the internet appears to originate from your site.

Another possibility is to connect to your wireless (if physically close enough) and then browse the internet from there.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 39757771
hmm, sounds like a Hacker101 question.

I'd recommend reading up on security best practices. work this problem backwards, this isn't a hacker school and I imagine I'm not the only person that isn't completely comfortable spewing out a bunch of info that could be used for nefarious purposes. (not to imply that's your intent).

get a firewall with Intrusion detection, close all ports not needed.

If there's no firewall how is there a list of open ports. an exposed network will have many ports open.

while not a firewall a simple router is actually a pretty good stop-gap against any amateur
0
 

Author Comment

by:cgruber
ID: 39757782
CompProbSolv: Thanks for the answer, it is the most appropriate out of all.

In reality, how difficult would it be to guess a regular TS password? eg: John000
The same question applies to connecting to wifi physically.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:cgruber
ID: 39757792
Korbus: Thats clear. However my question relates to gaining access from outside, without help from inside the LAN (such as software to compromise security being accessed by a user on the LAN).

For this purpose, the LAN/Office is unattended - PCs are turned on but not used by anyone.
0
 
LVL 12

Assisted Solution

by:ryan80
ryan80 earned 167 total points
ID: 39757801
It depends on how your AD is configured. If you lockout accounts after a number of tried, as long as you have complexity to your passwords you should be safe. For Wi-Fi use wpa2.

For what you are doing, a router will do just as well as a firewall.

Most attacks are based off of compromising an internal computer and then launching from there. It is just easier to get a compromised computer than brute attack a network.  If you are only publishing a ts login then you should be safe. Of course base your security off of the value of your data.
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 166 total points
ID: 39757818
My real world experience:

I was administerting a network that was subject to brute force Terminal Server attacks.  They were never able to get in, our passwords were simply too strong.  Not wanting to press our luck, we eventually changed our terminal server port to a custom value, which was a pain for users, but it hid us from further attacks.  (Microsoft does NOT have software in teminal server to detect this type of attack, and to a firewall it would look like normal terminal-sever traffic.)

"Port Scanning" is a tequnique they might have tried to find our new TS port, where they basically try talking to all ports and see what reply they get,  but some advanced firewalls can detect and block IP's exhibiting this behavior.
0
 

Author Comment

by:cgruber
ID: 39757928
Thanks. You say: "It is just easier to get a compromised computer than brute attack a network."

What are the most common ways one would attempt to compromise a computer?

Are keyloggers still used, or thats just old technique?
0
 

Author Comment

by:cgruber
ID: 39757930
Thanks Korbus, that is good info. Although I would imagine a password such as John000 would be relatively simple to crack using brute force.
0
 
LVL 12

Expert Comment

by:ryan80
ID: 39757944
For cracking passwords they need to be able to run the possibilities, so if ad locks the account after a number of failed attempts that will prevent this. Realistically you don't have to worry about this as long as there is a lockout and some kind of complexity.

Most common way to compromise a computer is by the user. Have them download a virus through email or a site. That is how RSA was hacked. It isn't worth the time off an attacker to find a vulnerability in the public facing infrastructure instead of getting a user to click on something, most of the time.
0
 
LVL 12

Expert Comment

by:ryan80
ID: 39757960
Time and time again, users will be the weak point in security. If you were to do a spear fishing attack test, you would probably be shocked by the results. It is always surprising how many people will enter their username and password into a site that looks similar to what they expect.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now