Solved

Ways to exploit a simple network?

Posted on 2014-01-05
Last Modified: 2014-01-05
I have a simple network as per diagram below.

Assuming my public IP address is known to the intruder, what ways could one use to gain access to my network and use a browser to visit websites whilst masked by my IP address?

There are no firewalls or AV present, ports 70, 80, 443, 3389, 25, 21 are open.
setup.jpg
Question by:cgruber
14 Comments
 
LVL 10

Expert Comment

by:Korbus
ID: 39757743
If your users browse the internet, you must protect your workstations from infection. Simply going to the wrong website without the proper, fully updated, AV software can compromise your system. Once this is done, and you have a compromised system on your network, your network can no longer be considered secure.

This is the most common way I have seen networks compromised.
0
 

Author Comment

by:cgruber
ID: 39757744
Thanks. How does this relate to my question though?

I want to know how someone outside the LAN could access my network to use a browser, to browse websites.
0
 
LVL 12

Expert Comment

by:ryan80
ID: 39757761
What are you concerned about people accessing in your network? If your terminal server was compromised then they could access it and browse from there, if terminal services are published to the outside.

For someone to get in, they would have to compromise your router or TS server. Router is not very likely unless you have a crap password. If the TS server is patched and secured correctly you should be safe.
0
 
LVL 10

Expert Comment

by:Korbus
ID: 39757762
Well, let's say one of your workstations is compromised by hostile software. Once the system is compromised, it could allow an attacker to take full MANUAL control of the system.
It would do this by reaching OUT through your firewall to the attacker.
Once controlling your workstation through the outbound hole it makes in the firewall, the attacker could then use this to browse the web from that system, or even use it as a source to hack other systems.


Is that clear?  Or do you want more details?
0
 
LVL 22

Accepted Solution

by:
CompProbSolv earned 668 total points
ID: 39757764
One possibility is to connect to your terminal server and then go back out on the internet from a browser running on it.  One would need to know (or guess) an appropriate login name and password to accomplish that.

To follow on Korbus's answer, if you were browsing and were not well protected nor careful enough, you could have software installed on your computer without being aware of it.  Someone from the outside could route their packets through the software such that their browsing of the internet appears to originate from your site.

Another possibility is to connect to your wireless (if physically close enough) and then browse the internet from there.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 39757771
Hmm, sounds like a Hacker101 question.

I'd recommend reading up on security best practices. Work this problem backwards; this isn't a hacker school and I imagine I'm not the only person that isn't completely comfortable spewing out a bunch of info that could be used for nefarious purposes (not to imply that's your intent).

Get a firewall with intrusion detection, and close all ports not needed.

If there's no firewall, how is there a list of open ports? An exposed network will have many ports open.

While not a firewall, a simple router is actually a pretty good stop-gap against any amateur.
0
 

Author Comment

by:cgruber
ID: 39757782
CompProbSolv: Thanks for the answer, it is the most appropriate out of all.

In reality, how difficult would it be to guess a regular TS password? eg: John000
The same question applies to connecting to wifi physically.
0
 

Author Comment

by:cgruber
ID: 39757792
Korbus: That's clear. However my question relates to gaining access from outside, without help from inside the LAN (such as software to compromise security being accessed by a user on the LAN).

For this purpose, the LAN/Office is unattended - PCs are turned on but not used by anyone.
0
 
LVL 12

Assisted Solution

by:ryan80
ryan80 earned 668 total points
ID: 39757801
It depends on how your AD is configured. If you lock out accounts after a number of tries, as long as you have complexity to your passwords you should be safe. For Wi-Fi use WPA2.

For what you are doing, a router will do just as well as a firewall.

Most attacks are based off of compromising an internal computer and then launching from there. It is just easier to get a compromised computer than brute attack a network. If you are only publishing a TS login then you should be safe. Of course base your security off of the value of your data.
0
 
LVL 10

Assisted Solution

by:Korbus
Korbus earned 664 total points
ID: 39757818
My real world experience:

I was administering a network that was subject to brute force Terminal Server attacks. They were never able to get in, our passwords were simply too strong. Not wanting to press our luck, we eventually changed our terminal server port to a custom value, which was a pain for users, but it hid us from further attacks. (Microsoft does NOT have software in terminal server to detect this type of attack, and to a firewall it would look like normal terminal-server traffic.)

"Port Scanning" is a technique they might have tried to find our new TS port, where they basically try talking to all ports and see what reply they get, but some advanced firewalls can detect and block IPs exhibiting this behavior.
0
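The brute-force terminal server logon attempts discussed above leave a trail of failed-logon events, so they can be flagged per source IP with a sliding time window. This is an added example, not part of the original thread; the CSV layout, the threshold, the window and the function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a simplified CSV export of Windows Security events,
# columns = timestamp, event_id, logon_type, account, source_ip (assumed layout).
# Event 4625 is a failed logon, 4624 a successful one; logon type 10 is RemoteInteractive.
SAMPLE_EVENTS = """\
2014-01-05T02:00:01,4625,10,administrator,203.0.113.50
2014-01-05T02:00:04,4625,10,administrator,203.0.113.50
2014-01-05T02:00:09,4625,10,john,203.0.113.50
2014-01-05T02:00:12,4625,10,john,203.0.113.50
2014-01-05T02:00:15,4625,10,admin,203.0.113.50
2014-01-05T02:00:19,4625,10,john,203.0.113.50
2014-01-05T08:30:00,4625,10,mary,198.51.100.7
2014-01-05T08:30:20,4625,10,mary,198.51.100.7
2014-01-05T08:30:41,4624,10,mary,198.51.100.7
2014-01-05T09:10:00,4624,10,john,203.0.113.50
"""

def find_bruteforce_sources(text, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with at least `threshold` failed logons inside any `window`."""
    recent = defaultdict(deque)   # per-IP failures still inside the window
    flagged = {}
    for line in text.strip().splitlines():
        ts, event_id, _logon_type, account, ip = line.split(",")
        when = datetime.fromisoformat(ts)
        # A successful logon from an already-flagged IP is the case to escalate.
        if event_id == "4624" and ip in flagged:
            flagged[ip]["success_after_alert"] = True
        if event_id != "4625":
            continue
        failures = recent[ip]
        failures.append((when, account))
        # Drop failures that have aged out of the sliding window.
        while when - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            entry = flagged.setdefault(ip, {"first_alert": when, "accounts": set(),
                                            "success_after_alert": False})
            entry["accounts"].update(name for _, name in failures)
    return flagged

if __name__ == "__main__":
    for ip, info in find_bruteforce_sources(SAMPLE_EVENTS).items():
        print(ip, info["first_alert"], sorted(info["accounts"]), info["success_after_alert"])
```

A user who mistypes a password twice stays under the threshold, while a source that cycles through several account names in seconds is flagged, and a later successful logon from that same source is marked for follow-up.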
 

Author Comment

by:cgruber
ID: 39757928
Thanks. You say: "It is just easier to get a compromised computer than brute attack a network."

What are the most common ways one would attempt to compromise a computer?

Are keyloggers still used, or is that just an old technique?
0
 

Author Comment

by:cgruber
ID: 39757930
Thanks Korbus, that is good info. Although I would imagine a password such as John000 would be relatively simple to crack using brute force.
0
 
LVL 12

Expert Comment

by:ryan80
ID: 39757944
For cracking passwords they need to be able to run the possibilities, so if AD locks the account after a number of failed attempts that will prevent this. Realistically you don't have to worry about this as long as there is a lockout and some kind of complexity.

Most common way to compromise a computer is by the user. Have them download a virus through email or a site. That is how RSA was hacked. It isn't worth the time of an attacker to find a vulnerability in the public facing infrastructure instead of getting a user to click on something, most of the time.
0
 
LVL 12

Expert Comment

by:ryan80
ID: 39757960
Time and time again, users will be the weak point in security. If you were to do a spear phishing attack test, you would probably be shocked by the results. It is always surprising how many people will enter their username and password into a site that looks similar to what they expect.
0


Question has a verified solution.
