Slashdot Mirror

← Back to Stories (view on slashdot.org)

What's On Your Network?

Posted by Zonk on from the sneaky-goings-on dept.

An anonymous reader writes "According to a Whitedust article you may currently have more on your network than you think you do. The article claims that not much security attention is generally given to one of the most elusive aspects of computer security; that of physical connectivity." From the article: "Broadcast traffic is on the rise, with more suspicious user activity in the logs every day. Then one morning you get a call from your irate boss wanting to know why he no longer has a network connection, yet the employees - or students or whoever - down the hall are able to play games and visit porn sites, at blazing speeds no less."

16 of 188 comments (clear)

  1. Maybe this is just me... by PhilipPeake · · Score: 4, Insightful

    but isn't this the sort of stuff that ANY network admin worth their salt should be completely aware of? If they need to be told this stuff they are not (IMHO) worth employing as other than apprentice network engineers. Or is this level of admin common in Windows environments?

    1. Re:Maybe this is just me... by cavtroop · · Score: 5, Insightful

      Also, try to remember that most companies IT departments are still short staffed, and pro-active monitoring like network scanning, etc. gets put way on the back burner. I agree with you, and am just playing devils advocate here :)

    2. Re:Maybe this is just me... by Homology · · Score: 4, Informative
      but isn't this the sort of stuff that ANY network admin worth their salt should be completely aware of? If they need to be told this stuff they are not (IMHO) worth employing as other than apprentice network engineers. Or is this level of admin common in Windows environments?

      Sure, where the employer can pay for it you'll have very good administrators, be it Windows or not. On most smaller sites, the administrator is not a full-time administrator, and is doing administration ad-hoc to his real job. This usually means that he does not have much training in this, nor much time for it either. Now, with all these (useful) Plug-and-Play devices you are bound to have some problems.

    3. Re:Maybe this is just me... by einhverfr · · Score: 3, Insightful

      Well... Here is my attitude towards the whole thing... Sudden enforcement is generally a problem for reasons you mention.

      However, when you are planning or deploying your network, it makes sense to add filters to nearly all routers (a standard filter set) which allows you to monitor for certain types of common misconfigurations and problems. This can be largely automated so you don't have to dedicate a large amount of manpower to reading and parsing through logs. Ideally such a router management infrastructure would require very little overhead to manage.

      When something turns up, you need to investiate it. Find out what is going on. If it is an in-house server some department is running, find out what it is doing, discuss what needs to be done about it, and find out what you can do to add the required functionality to your server infrastructure (one possibility is to grant the department some level of approval in operating the server if it is important to the business).

      Security exists in a balance with LOB requirements. Heavily pushing one or the other side is a recipe for business failure.

      --

      LedgerSMB: Open source Accounting/ERP
  2. static dhcp ? by maharg · · Score: 3, Interesting

    the best solution I have seen is where you have to register your equipments MAC address, then you get a "static" (i.e. always the same) ip address served to you via dhcp. No registered MAC address == no ip address. Presumably they had something looking for unregistered MAC addresses too. Pretty good, but doesn't stop you going in with a static address in the right range tho...

    --

    $ strings FTP.EXE | grep Copyright
    @(#) Copyright (c) 1983 The Regents of the University of California.
  3. Interesting points but possibly too specific by Sv-Manowar · · Score: 3, Insightful

    This article raises the issue of internal network security, which is something that's been increasing in profile as a security risk over the past few years as ethernet/wifi enabled devices get smaller, cheaper and easier to hide. However, this article's specific Cisco approach to dealing with things by tracking them back through routers and cisco-specific tools seems to be of less use than more general scanning and identification measures.

    It's safe to say a good proportion of administrators already on networks with devices migrating on and off at will already have a consideration for these problems, and the specific approach detailed in the article may not be of best use to those less experienced admins starting to tackle this issue on their networks.

    --
    Business Voyeur
  4. DHCP fun by flinxmeister · · Score: 5, Funny

    if you don't run DHCP, a fun project is to throw a DHCP server out there and see who gets configured.

    It's amazing all the little devices that show up. Switches, old print servers, workstations tucked away in a corner somewhere that time forgot....now that many of these networks are starting to push 10 years, it's like archeology.

    Every now and then you find something that you just can't physically find. Lotsa fun.

    1. Re:DHCP fun by bersl2 · · Score: 5, Funny

      Every now and then you find something that you just can't physically find. Lotsa fun.

      Obligatory bash.org quote:

      <erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.

    2. Re:DHCP fun by Shadow_139 · · Score: 3, Interesting

      This happened in Trinity College a few years ago, there were a few old AS400 Servers the Admins had forgotten about till one crashed and kill 3 of the main backend Databases with were running on them.

      After 2 months of looking for the Servers, following a jungle of Cat5,Coax and AUX leads it turned out that there was some building work done about 6 years before in an old section of the College thats not been used anymore and the Servers were hidden in a room that had been blocked off behind a new wall that had been put in...?!!??!

    3. Re:DHCP fun by Anonymous Coward · · Score: 3, Informative

      After 2 months of looking for the Servers, following a jungle of Cat5,Coax and AUX leads it turned out that there was some building work done about 6 years before in an old section of the College thats not been used anymore and the Servers were hidden in a room that had been blocked off behind a new wall that had been put in...?!!??!

      Strangely enough, the exact same thing happened at UNC-CH, except it was a Netware 3.12 server. And it happened at MIT, except it was an RS/6000, and at CWRU it was a SCO Unix box, and at Stanford it was a VAX cluster, blah, blah, blah...

      can you say "Urban Legend?"

    4. Re:DHCP fun by autocracy · · Score: 3, Insightful
      Or... "not unsurprising?"

      Age old machines that just run and are scattered around without sense can certainly fall to that. What about Sun and losing a major chip fab machine? Turned out some recently departed developer's desktop ran something that was critical to operations, but was formatted after he left. I'm off on the details as to what purpose it fulfilled, but its disappearance was noted at the executive (CIO) level because of its disturbance to the company's operations. Whoopsie?

      --
      SIG: HUP
  5. Tight Network by tburt11 · · Score: 4, Informative
    I maintain a relatively small network of about 50 workstations and about two dozen other devices.

    I distribute IP's thru DHCP, and I maintain an ACL via IPTABLES on my Linux router. DHCP distributes IP's based on MAC accress, and I do allow unknown MAC's to get an IP.

    The trick is, that any IP that I did not setup in DHCP, is blocked via the ACL to all Internet Access.

    Invariably, I get some VP/EXEC/VIP, call me and ask why his visiting sales rep cannot access his email. I walk into the office and the fellow has jacked into my network.

    My reply is Sorry.. You can use our WLAN for internet access. No jacking into the network.

    The WLAN is connected outside the firewall, so whatever they do there is of no concern to me.

    Yes, there are flaws in this method, but so far, it has brought every unathorized network connection to my attention...

  6. A Simple Security Precaution by Ed+Almos · · Score: 4, Informative

    Unplug unused network points.

    Three months ago we had a security audit carried out by an external company. The first thing they did was find a couple of unused offices and plug their laptops into the network points. I'm glad to say that there was no result.

    If you want to take this further then use managed switches and assign each port in use to a specific MAC address. That way if a 'visitor' pulls the plug on one of your computers and plugs their machine there will still be a nil result.

    Ed Almos
    Budapest, Hungary

    --
    The more corrupt the state, the more numerous the laws. - Tacitus, 56-120 A.D.
  7. I had to start locking my house doors by Anonymous Coward · · Score: 4, Funny

    Apparently, kids drive around with laptops looking for open network closets. These fuckers plugged in a cat5e into my switch and started leeching bandwidth for all their friends. I've recommended that my neighbors start locking their doors and change keys often just in case. Also, if you notice any unexplained cat5 going out doors into the back yard, you should investigate.

  8. Porn Sites hurt Feelings. by ebooher · · Score: 4, Insightful

    Could someone please tell me why employees browsing porn sites is such a big fucking deal? How is it different than employees browsing /.?

    IT security people at corporations are becoming porno hunters. Be proud, guys.

    You apparently do not live in the U.S. You see, here we have these things called laws that are written and voted upon by hairless monkeys that are given offices by people that can't be bothered to read and vote on these "laws" themselves.

    Some of these "laws" revolve around personal opinion and human emotions known as "feelings." They state that if you do something that hurts someone elses "feelings" you will go to jail and have to give them a lot of money.

    This has caused a rash outbreak of people "sniping" or hiding out in bushes that sometimes decorate offices and awaiting an unsuspecting employee to briefly brush past a site holding pornographic material. Google.com is a good example. In this instant they leap from the previously hidden sniping bush and proclaim that the barest hint of an unclothed nipple has hurt their "feelings"

    This results in a winning lawsuit in which the unknowing employee receives a new boyfriend at the same time that he is given to the sniper as a money slave for the rest of his life. Sometimes it even results in the closing of an entire company and results in a rise in unemployment which these people called "taxpayers" really have something against.

    A couple of years ago something that looked almost like a nipple, but clearly wasn't, caused a major change in the entire U.S. broadcasting industry because of all the people whose "feelings" the wardrobe malfunction had caused to be hurt.

    This has caused companies to be very careful about keeping anything that could possible hurt "feelings" out of their offices and off of their computers. Where I work, we usually just leave the computers turned off ....

    --
    "Genius may shine aloof and alone, like a star, but goodness is social, and it takes two men and God to make a Brother."
  9. Re:Company policy enforcement? by einhverfr · · Score: 3, Informative

    FUD. A Unix machine running NFS is an automatic security problem.

    FUD. NFS has its uses. Just don't let untrusted (i.e. generally used desktops, etc) have direct access to it.

    The better solution is to use NFS as a fast setup for sharing disk space between a number of servers (say, for load balanced web servers running CPU-bound scripts) and read-only NFS for home directories with read-write AFS subdirectories (via symlinks?) used for anything important (things have to be done this way because AFS cannot be accessed during the login process due to credential issues).

    NFS is not an *automatic* security problem. It is just a *likely* security problem.

    --

    LedgerSMB: Open source Accounting/ERP