Slashdot Mirror
What's On Your Network?
An anonymous reader writes "According to a Whitedust article you may currently have more on your network than you think you do. The article claims that not much security attention is generally given to one of the most elusive aspects of computer security; that of physical connectivity." From the article: "Broadcast traffic is on the rise, with more suspicious user activity in the logs every day. Then one morning you get a call from your irate boss wanting to know why he no longer has a network connection, yet the employees - or students or whoever - down the hall are able to play games and visit porn sites, at blazing speeds no less."
Sure, where the employer can pay for it you'll have very good administrators, be it Windows or not. On most smaller sites, the administrator is not a full-time administrator, and is doing administration ad-hoc to his real job. This usually means that he does not have much training in this, nor much time for it either. Now, with all these (useful) Plug-and-Play devices you are bound to have some problems.
I distribute IP's thru DHCP, and I maintain an ACL via IPTABLES on my Linux router. DHCP distributes IP's based on MAC accress, and I do allow unknown MAC's to get an IP.
The trick is, that any IP that I did not setup in DHCP, is blocked via the ACL to all Internet Access.
Invariably, I get some VP/EXEC/VIP, call me and ask why his visiting sales rep cannot access his email. I walk into the office and the fellow has jacked into my network.
My reply is Sorry.. You can use our WLAN for internet access. No jacking into the network.
The WLAN is connected outside the firewall, so whatever they do there is of no concern to me.
Yes, there are flaws in this method, but so far, it has brought every unathorized network connection to my attention...
Unplug unused network points.
Three months ago we had a security audit carried out by an external company. The first thing they did was find a couple of unused offices and plug their laptops into the network points. I'm glad to say that there was no result.
If you want to take this further then use managed switches and assign each port in use to a specific MAC address. That way if a 'visitor' pulls the plug on one of your computers and plugs their machine there will still be a nil result.
Ed Almos
Budapest, Hungary
The more corrupt the state, the more numerous the laws. - Tacitus, 56-120 A.D.
After 2 months of looking for the Servers, following a jungle of Cat5,Coax and AUX leads it turned out that there was some building work done about 6 years before in an old section of the College thats not been used anymore and the Servers were hidden in a room that had been blocked off behind a new wall that had been put in...?!!??!
Strangely enough, the exact same thing happened at UNC-CH, except it was a Netware 3.12 server. And it happened at MIT, except it was an RS/6000, and at CWRU it was a SCO Unix box, and at Stanford it was a VAX cluster, blah, blah, blah...
can you say "Urban Legend?"
FUD. A Unix machine running NFS is an automatic security problem.
FUD. NFS has its uses. Just don't let untrusted (i.e. generally used desktops, etc) have direct access to it.
The better solution is to use NFS as a fast setup for sharing disk space between a number of servers (say, for load balanced web servers running CPU-bound scripts) and read-only NFS for home directories with read-write AFS subdirectories (via symlinks?) used for anything important (things have to be done this way because AFS cannot be accessed during the login process due to credential issues).
NFS is not an *automatic* security problem. It is just a *likely* security problem.
LedgerSMB: Open source Accounting/ERP