Attacking Game Consoles On Corporate Networks

← Back to Stories (view on slashdot.org)

Attacking Game Consoles On Corporate Networks

Posted by Soulskill on Monday August 2, 2010 @10:48PM from the waggle-the-wiimote-to-lock-it-down dept.

A pair of security researchers speaking at DefCon demonstrated how video game consoles, which are becoming increasingly common break room or team-building toys, can open vulnerabilities in corporate networks. "[They] found that many companies install Nintendo Wii devices in their work places, even though they don’t let you walk into the company with smartphones or laptops. (Factories and other sensitive work locations don’t allow any devices with cameras). By poisoning the Wii, they could spread a virus over the corporate network. People have a false sense of security about the safety of these game devices, but they can log into computer networks like most other computer devices now. In the demos, the researchers showed they could take compromised code and inject it into the main game file that runs on either a DS or a game console. They could take over the network and pretty much spread malware across it and thereby compromise an entire corporation. The researchers said they can do this with just about any embedded device, from iPhones to internet TVs."

79 comments

Min score:

Reason:

Sort:

Don't plug it to internet by odies · 2010-08-02 22:48 · Score: 3, Insightful

You know, you could just not plug the game console into network. There is no reason why a break room and especially team-building games need an internet connection.
1. Re:Don't plug it to internet by dltaylor · 2010-08-02 22:54 · Score: 1
  
  And how, exactly, are the "must connect to the server" games, particularly the team games, to be played without either an internet connection (which, in a competent IT setup, would be VLAN'd directly to the internet) or a pirate server?
2. Re:Don't plug it to internet by Anonymous Coward · 2010-08-02 22:55 · Score: 0
  
  Even if that's resolved, there's still the issue of game developers having dozens or hundreds of Wii(/360/PS3/DS/PSP) consoles all active and connected to the network. To me, that's actually the bigger issue here.
3. Re:Don't plug it to internet by Dayofswords · 2010-08-02 22:56 · Score: 2, Informative
  
  Not to mention that the Wii doesn't have any good online games. So why connect anyways?
  
  --
  Someday we'll hit the human carrying capacity. And the band will just play on.
4. Re:Don't plug it to internet by simoncpu+was+here · 2010-08-02 23:00 · Score: 1
  
  Well, you can also say the same thing to your workstation. Ten years ago, people thought that there was no reason why office workstations would need to be connected to a network.
5. Re:Don't plug it to internet by odies · 2010-08-02 23:02 · Score: 2, Insightful
  
  And how, exactly, are the "must connect to the server" games, particularly the team games, to be played without either an internet connection (which, in a competent IT setup, would be VLAN'd directly to the internet) or a pirate server?
  And what are those games requiring an internet connection? I can't seem to recall any on consoles.
  Besides if there are such console games, then you just have some other games in the break room. It's not that complicated.
6. Re:Don't plug it to internet by shentino · 2010-08-02 23:18 · Score: 1
  
  How about games with obscene DRM that requires you to have an internet connection to an auth server before you're allowed to play?
7. Re:Don't plug it to internet by zMaile · 2010-08-02 23:19 · Score: 0
  
  There is the issue of alot of games requiring another console to connect to to play multiplayer (which i'm assuming is what you mean by team-building).
8. Re:Don't plug it to internet by Anonymous Coward · 2010-08-02 23:23 · Score: 0
  
  And if a specific game example is required of that, Final Fight on the PS3. It's pretty much an offline game but requires the internet. Go fig.
9. Re:Don't plug it to internet by odies · 2010-08-02 23:23 · Score: 2, Informative
  
  How about games with obscene DRM that requires you to have an internet connection to an auth server before you're allowed to play?
  You have an example of such Wii game? Besides, if it has such an obscene DRM you cannot even run it on a hacked console nor modify the game data. This whole story assumes you're running a hacked Wii so that you can run a pirated version of the game that the hackers had modified.
10. Re:Don't plug it to internet by CrashandDie · 2010-08-02 23:24 · Score: 2, Interesting
  
  20, maybe. 10? Definitely.
  I remember pulling coax in the early first half of the 90s all over the place. Then ethernet came and made us damn ourselves. Everyone wanted to be connected. Centralised printer, easy file transfer.
11. Re:Don't plug it to internet by Richard_at_work · 2010-08-02 23:31 · Score: 2, Insightful
  
  What about them? How about the games console just gets removed from the break room again? Humanity existed without the instant gratification of the Wii for thousands of years, it can survive a lunchtime at work.
12. Re:Don't plug it to internet by solevita · 2010-08-02 23:41 · Score: 4, Insightful
  
  The problem isn't network connectivity, the problem would be large flat corporate networks. Why have one network with all your office machines, manufacturing equipment, games consoles and telephones on it? Just create a games console VLAN that has access to the Internet and no routes to any internal networks.
  
  This story is only a story if your Network Admin knows nothing about network admin.
13. Re:Don't plug it to internet by TheCarp · 2010-08-02 23:58 · Score: 2, Interesting
  
  Thats no fun! Seriously, its a corperate world we are talking about right? Why not a corporate solution. We deal with devices that need some manner of protection all the time.
  You put this into an existing subnet of devices that require internet access but not internal LAN access. If you don't have such a pool of devices, you make such a subnet. Hell you define a game console VLAN, put all the game consoles in it (even a large company shouldn't have more than a handful), give them a small subnet (a /27 or something), and then setup their gateway router to only allow them to connect out the internet pipe and not to the internal network.
  The real problem, I think, is that such devices are easily overlooked. Some manager putting a wii in the break room might not realize whats the exposures are, and just gets a network drop like any old desktop, and plugs it in.
  -Steve
  
  --
  "I opened my eyes, and everything went dark again"
14. Re:Don't plug it to internet by arth1 · 2010-08-03 00:03 · Score: 2, Informative
  
  And how, exactly, are the "must connect to the server" games, particularly the team games, to be played without either an internet connection (which, in a competent IT setup, would be VLAN'd directly to the internet) or a pirate server?
  And how, exactly, are "must connect to the server" games needed?
  Your argument makes about as much sense as complaining about the lack of dildos and handcuffs in the rest room, because how else can one play orgy games?
15. Re:Don't plug it to internet by TheCarp · 2010-08-03 00:05 · Score: 4, Insightful
  
  Of course, I should have pointed out, the project really dies (in a large corporate world) when you see your managers eyes glaze over as he imagines the hours upon hours of meetings that he will have to attend; to explain to the managers above him, how the networking technology (that he doesn't actually understand) works, so that he can justify asking them to ask the manager of the networking group to assign one of his people to the task of setting up the network portions of this.
  I guarantee thats where the whole plan dies and the Wii in the break room becomes not worth it. At least, at some places I know.
  -Steve
  
  --
  "I opened my eyes, and everything went dark again"
16. Re:Don't plug it to internet by sortius_nod · 2010-08-03 00:20 · Score: 1
  
  I can't say I recall any Wii or Xbox games that require an internet connection, the only ones would be Xbox Live and PSN games, but I can't say I've ever signed in to my own profile and downloaded live games at work when there's been an Xbox. Unplugged is perfect for an office.
17. Re:Don't plug it to internet by Lumpy · 2010-08-03 00:45 · Score: 5, Informative
  
  It's also moot. It is far easier to get inside the building and install a trojan machine. Hell a sheevaplug is $99.00 and with the right stickers can be made to blend in behind any copier or printer silently sitting there collecting data and mapping things out and reporting home.
  Hell the dual ethernet one in line with the right printer and it will be fed tons of great documents on the companies secrets that it can email home. sitting there ignored because it has a big HP printing sticker on it and reports as if its the printer... Even a super security guru would miss that one in all their security sweeps.
  
  --
  Do not look at laser with remaining good eye.
18. Re:Don't plug it to internet by Lumpy · 2010-08-03 00:55 · Score: 1
  
  10 years ago? REally? in the year 2000 you had businesses saying that?
  Us at comcast must have been cutting edge then with every desktop on the network and using really advanced things called "servers" to store files and even databases.
  I've been installing networks for computers for 20 years. Even in 1990 networking computers was a big thing and everyone saw that it was a major business advantage.... Novell utterly ruled back then. 10base2 networks roamed the land and every IT guy had a pocket of BNC T's and Terminators wherever he went...
  
  --
  Do not look at laser with remaining good eye.
19. Re:Don't plug it to internet by skids · 2010-08-03 00:57 · Score: 1
  
  Much simpler just to ban 802.11a/b less than 5.5Mbps... the Wii cannot go that fast and the rest of the clients don't need to. Then if wired is a concern just configure your NAC not to allow Wii MAC address prefixes, which being closed source are beyond the abillity of ordinary employees to change. Presto, no more network access for Wiis.
  
  --
  Someone had to do it.
20. Re:Don't plug it to internet by Lumpy · 2010-08-03 01:00 · Score: 1
  
  Because hiring competent network people is expensive.
  And the cheap MCSE's cant configure Cisco gear because it does not have a GUI.
  The real reason most small and medium business networks area utter mess is because the idiots in the executive offices can not understand that hiring at least 1 highly competent person to cover IT and networking is worth every dollar. You only need one part time, if you are a small shop... An no, Timmy the computer guy is not looking for a new toy when he asks for a nice cisco managed switch...
  
  --
  Do not look at laser with remaining good eye.
21. Re:Don't plug it to internet by tagno25 · 2010-08-03 01:08 · Score: 1
  
  802.11a cannot do 5.5mbps (not one of the allowed speeds), the Wii cannot talk 802.11a, and the Wii can connect at 54mbps to a 802.11g network
22. Re:Don't plug it to internet by TheCarp · 2010-08-03 01:19 · Score: 0, Troll
  
  I guess thats one way to "solve" the "problem". Sort of like, if you define concentration camps as a homeland; then Hitler was a zionist!
  While you could do all that, my whole point was, this is a pretty simple problem to deal with. You can easily allow the wii or any other device, access to the internet but NOT the internal LAN. Its done all the time for certain types of devices. In fact, the WII is even a simpler case; often such hosts need to allow for internal connections initiated by machines on the LAN, but are not able to go the other way. The Wii doesn't even need that.
  -Steve
  
  --
  "I opened my eyes, and everything went dark again"
23. Re:Don't plug it to internet by icebraining · 2010-08-03 02:32 · Score: 2, Funny
  
  Humanity existed without /. too, yet here you are. Having a Wii is fine and probably beneficial to productivity, just don't get games that requires an internet connection.
  
  --
  Dilbert RSS feed
24. Re:Don't plug it to internet by BobMcD · 2010-08-03 03:36 · Score: 1
  
  You know, you could just not plug the game console into network. There is no reason why a break room and especially team-building games need an internet connection.
  This. Or, just put it on the public wireless. You know, the one for visitors that is in no way connected to your corporate network? You DO have public wireless, right??
25. Re:Don't plug it to internet by KDR_11k · 2010-08-03 03:57 · Score: 1
  
  It's a Wii, not a PC running Ubisoft games.
  
  --
  Justice is the sheep getting arrested while an impartial judge declares the vote void.
26. Re:Don't plug it to internet by KDR_11k · 2010-08-03 04:03 · Score: 1
  
  1. Not with a Wii.
  2. For LAN games just set up a separate LAN for the systems. They're going to be physically close anyway so a cheap consumer-level hub and some cables would be enough.
  
  --
  Justice is the sheep getting arrested while an impartial judge declares the vote void.
27. Re:Don't plug it to internet by PinkyGigglebrain · 2010-08-03 04:57 · Score: 1
  
  if your Network Admin knows nothing about network admin.
  Or doesn't know anything about how to lock down a network. Last place I worked had so many holes in the firewall when I took over it made chicken wire look like a brick wall.
28. Re:Don't plug it to internet by __aagbsn9250 · 2010-08-04 02:43 · Score: 1
  
  Why is everyone trying to reason why a NORMAL person would do or not do something. A target attack is done using non-conventional methods. For instance, you wouldn't even need media in the Wii, or physical connections to the network. The culprit would most likely be an employee or working in conjunction. The Wii could be softmodded, and access it's software via microSD card, which can easily be overlooked as most people don't even know where to find the slot or what it's used for. Wifi in conjunction with a second device that's planted in the physical network using non-standards can make your standard day go sour.
29. Re:Don't plug it to internet by Anonymous Coward · 2010-08-07 06:38 · Score: 0
  
  I quite enjoy playing Mario Kart online, though since you seem to spend half your time waiting for each race to be set up I'm not sure I'd bother with online play during a break.
Would they care to share how they do it? by Nursie · 2010-08-02 22:52 · Score: 1

Perhaps with the homebrew scene? Being able to run arbitrary code on a PS3 (not under the now defunct OtherOS) would be a great help!
1. Re:Would they care to share how they do it? by odies · 2010-08-02 22:54 · Score: 0
  
  They can't do it with PS3 or newer 360's, that's why they're explicitly talking about Nintendo's consoles which have been hacked. And even with Wii (and iPhone's and so on) the console needs to be jailbroken for it work.
Thanks a lot... by WhitePanther5000 · 2010-08-02 22:56 · Score: 1

Now they're going to take away our Wii :(
1. Re:Thanks a lot... by notaspunkymonkey · 2010-08-03 04:01 · Score: 1
  
  Yeah.. my employer is already worried about a rumour that links gaming to violence.. I've no idea why, that guy from accounts who ran rampage shooting people in our office clearly hadn't played that much Halo.. His master chief outfit wasn't even realistic.
s/Wii/Windows by antifoidulus · 2010-08-02 23:05 · Score: 3, Insightful

Couldn't you pretty much just replace the word "Wii" with the word "Windows" and have an equally valid article?

Hooray for trolling!

--
Monstar L
1. Re:s/Wii/Windows by Anonymous Coward · 2010-08-02 23:17 · Score: 0
  
  LOL
  troll
2. Re:s/Wii/Windows by Arimus · 2010-08-02 23:26 · Score: 2, Insightful
  
  To be fair should be :/s/Wii/any\ connected\ device
  Can't think of a single network connected device that couldn't potentially offer an attack vector...
  
  --
  --- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
3. Re:s/Wii/Windows by maxwell+demon · 2010-08-03 00:27 · Score: 1
  
  Can't think of a single network connected device that couldn't potentially offer an attack vector...
  A hub?
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
4. Re:s/Wii/Windows by Anonymous Coward · 2010-08-03 00:37 · Score: 0
  
  Except, firstly, most companies don't need a Wii, day to day. Windows machines are a necessary evil for most companies, to Get Stuff Done. The Wii is just a perk to let employees blow off steam. Secondly, everyone knows that Windows(Or any network-connected desktop OS) is a potential security threat and the kinds of companies that would stop employees bringing in USB devices/cameras etc, are probably security conscious enough that they would have measures in place to mitigate against those potential security threats. The point of the article is that the Wii is an innocuous little white(black) box that (until now) most people wouldn't think of as a potential attack vector.
  
  Of course, I'm not sure the doom-mongering is appropriate:
  
  They also found that many companies install Nintendo Wii devices in their work places, even though they don't let you walk into the company with smartphones or laptops. (Factories and other sensitive work locations don't allow any devices with cameras).
  Would those kinds of companies really install a Wii? And connect it to the network? And it also depends on getting the malware onto the damn thing in the first place.... It's a nice idea, but the odds of it succeeding?
5. Re:s/Wii/Windows by Eevee · 2010-08-03 01:22 · Score: 1
  
  Couldn't you pretty much just replace the word "Wii" with the word "Windows" and have an equally valid article?
  No.
  Windows is an attack vector, but it's not being ignored. I suppose it depends on how large the company is, but where I'm at, we have staff whose job it is to keep up with the various security bulletins and make sure that they're being patched.
  A gaming system, on the other hand, isn't going to have staff dedicated to keeping it safe.
6. Re:s/Wii/Windows by Anonymous Coward · 2010-08-03 01:32 · Score: 0
  
  sedfail :P
  s/Wii/Windows/g
7. Re:s/Wii/Windows by RulerOf · 2010-08-03 02:12 · Score: 1
  
  A hub?
  THIS SUMMER
  
  Sony Pictures presents:
  
  The HORROR THRILLER that will SCARE your IT department ALL THE WAY TO THE BASEMENT!
  
  ________________________
  
  The NETWORK HUB from HELL!
  ________________________
  
  Network frames will be MANGLED.
  Packets will be DROPPED.
  User programs will be KILLED.
  Connections... will... DIE!
  
  "I've never seen the racks blink that color before... What the hel----*RING*-----What do you mean 'Address Conflict'? No, no, don't kill it with Task Manager, just----Oh... my... God..."
  
  It's going to be the ARP STORM of a lifetime.
  
  Written and directed by Uwe Boll.
  
  "I needed more phone jacks in my cubicle so I just brought this old box from home and^H^H^H^H
  
  NO CARRIER
  
  --
  Boot Windows, Linux, and ESX over the network for free.
8. Re:s/Wii/Windows by Arimus · 2010-08-03 09:14 · Score: 1
  
  Attack vector: I plug in, sniff all your traffic... don't even need valid ip address etc.
  
  --
  --- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
This isn't going to be a major threat. by Securityemo · 2010-08-02 23:14 · Score: 3, Interesting

There are probably much easier ways to perform targeted attacks against most organizations. But imagine someone bribing disgruntled wallmart/other low-wage chain employees into replacing cartridges and discs with what they are told are "just pirate copies that'l most likely play perfectly, no harm done really, you'l get a cut off the sales of the originals up front."

--
Emotions! In your brain!
Woot.. ruining the diversion for all!!. by Tei · 2010-08-02 23:42 · Score: 1, Interesting

The researchers will claim that are doing something productive, and have a point to that. But for the other 99.9999% of the population this type of stuff is just party-breaking.
Is like wen a researcher get out of the blue and strong-force a open source game dev to fix "important bugs". Now, the problem with what is important for a researcher, and what is important for a game dev is different. A single researcher (can I say hacker?) can efectivelly "DoS" a single game developer sending hole bugs, and forcing that game dev to ignore everything else and focus on that bug.
Yes, I said force. Something very nice about these researchers is that force everyone to share his idea of what is important. If you disagree, will make the hole public, so you are forced to fix that potential hole.
Yes, researchers do a important work, but that don't make then LESS A BUCH OF ASSHOLES.

--
-Woof woof woof!
1. Re:Woot.. ruining the diversion for all!!. by Securityemo · 2010-08-03 01:01 · Score: 1
  
  Hmm, yeah. If wikileaks can have an oversight system, couldn't a centralized vulnerability cache manned by trusted volunteers have one, to deal with ethics problems like that? To formalize the whole "full disclosure extortion" process, and make the bug fixing timetables standardized? But the risk of corruption would be extreme.
  
  --
  Emotions! In your brain!
Wii at work? by lyinhart · 2010-08-02 23:45 · Score: 3, Insightful

Wii consoles at work? Never heard of that before. I must be working at the wrong place.

--
Freedom is drinking a beer in the park when you're supposed to be at work.
1. Re:Wii at work? by arth1 · 2010-08-02 23:57 · Score: 2, Insightful
  
  I too was surprised by the article blurb, because I've never come across any company that provides handheld consoles. Nor one that allows personal equipment to be hooked up to the corporate network.
  Of course, there will always be asshats who disregard what they signed in their term of employment, and do things like private cell phone bluetooth connections to their work computer, or plugging in private USB fobs. And some might use a PSP during lunch break or as an MP3 player, which isn't much of a problem. But consoles provided by the company, hooked up to the network? I refuse to believe that this is common. It might be rare exceptions that coincide with what the kid^Wresearchers frequent.
2. Re:Wii at work? by jackbird · 2010-08-03 00:03 · Score: 1
  
  I could see it in some healthcare settings. Hospitals with pediatric inpatient units, or nursing/rehab facilities might legitimately have a Wii for the patients.
  
  Lots of small media/web companies have a console in the break area, too.
  
  I don't see either of those being particularly attractive targets, however.
3. Re:Wii at work? by ledow · 2010-08-03 00:13 · Score: 2, Insightful
  
  I once worked at a school that provided PS2's to their "seclusion rooms". It was a disgusting bit of pandering to the "naughty" kids / special needs kids in order to stop them causing trouble. They were also allowed to use mobile phones and would often phone the children in other school's seclusion units, so we weren't alone in this.
  You can imagine the student's thinking - if I smash the teacher I don't like in the face, I get to go to the seclusion room, play Playstation and phone my friends and not have to do any of this boring school work. Guess what they did again the next day? Or threatened to do if they didn't get their way?
  But yes, it's unusual but not impossible, and in a school we always assume that every computer is compromised anyway. Plugging a Wii in would hardly be unusual, even if just for staffroom hijinks or public display or a million and one other reasons. The difference is - you don't let the damn thing on your administrative networks and don't plug it into the network unless it's 100% necessary, like everything else.
4. Re:Wii at work? by Anonymous Coward · 2010-08-03 00:41 · Score: 0
  
  Maybe if you weren't off drinking in the park as much, we'd hit the bonus targets and could afford some goddamn games consoles.
  John Q Citizen
  CTO Yourjob Industries
5. Re:Wii at work? by juletre · 2010-08-03 00:42 · Score: 1
  
  We have a Wii and Guitar Hero in one of the meeting rooms. It is hardly in use and when it is, it is when someone stays late after work and plays a bit, drinks a few beers. Small consultancy firm, about 30 employees.
  
  --
  "he, who has quotes in his signature, is a douche" - unknown.
6. Re:Wii at work? by Rennt · 2010-08-03 00:54 · Score: 0, Troll
  
  Indeed. Inventing a hypothetical scenario then claiming you've discovered a real vulnerability seems to be par for the course at this year's DefCon. Disappointing.
7. Re:Wii at work? by omni123 · 2010-08-03 01:16 · Score: 2, Informative
  
  This is definitely not a hypothetical scenario (from the do-consoles-exist-in-the-workplace-standpoint, but certainly a non-issue if your network admin has a clue). My previous three employers have all had game consoles in meetings room, sometimes one per floor. The most recent is a large Australian bank which has beer in the fridge, consoles in the kitchen and pool/ping pong tables in the meeting rooms; used mainly by software developers and economists.
  It's a new age.
Please demonstrate by Drakkenmensch · 2010-08-03 00:10 · Score: 1

Exactly HOW do you "poison a Wii"?
1. Re:Please demonstrate by Anonymous Coward · 2010-08-03 00:26 · Score: 0
  
  Just write some nefarious homebrew.
  It's honestly nothing to shout about, but they seem to want attention for they ability to use devkitpro.
  And for this to even work in the way they suggest, they expect pirates to download patched roms/isos. (Rather than a scene release, or even labelling it as one.)
Network Printers by nukem996 · 2010-08-03 00:12 · Score: 2, Insightful

The real concern isn't game consoles its network printers. Pretty much every company has at least one these days on their network and most of the machines assume its trusted. All someone would have to do is modify the firmware on one of the printers to start cracking the network. Getting access to the printer would be pretty easy in many cases. Many companies out source their printing to a third party that fixes them and supplies them with ink and paper. All someone would have to do is pretend to be fixing a printer and they're in.
Like all the office pr0n traffic isn't enough... by Golbez81 · 2010-08-03 00:24 · Score: 1

Now we have to worry about our company Wii's! What is this internet coming to....
Am I missing something? by DickeyP · 2010-08-03 00:34 · Score: 2, Insightful

If an attacker can even get to such a device, doesn't that imply the network has already been compromised? Perhaps not to the level of full control, but enough to target any device, not just game consoles. Or is the OP assuming physical access to these consoles?
How is this different from any network device? by DJRumpy · 2010-08-03 00:51 · Score: 2

Any properly fire walled device should be protected for the most part. That said, giving anyone physical access to a network device on your internal network exposes this type weakness. It's a bit ridiculous to state it's on the internal network and then get everyone riled up that it has access to said network resources. The simple fact remains that any network connected device could do this.
TFA states that they could do this with a pirated version of a game. Although this may be much more common in a home environment, I'm thinking a work supplied device that never leaves the office would be a bit harder to do this to? Some simple physical restraints or claims to limit what media can be placed into it, and proper firewall controls to prevent unauthorized browsing should mitigate this is a big exposure.
How is this different from any workstation?
1. Re:How is this different from any network device? by DJRumpy · 2010-08-03 00:57 · Score: 1
  
  Apologies for the typos. I have obviously NOT had enough coffee yet this morning...
  physical restraints or claims = physical restraints or CLAMPS
  mitigate this is a big exposure == mitigate this AS a big exposure
Unfortunately, NetAdmin != Sysadmin by RulerOf · 2010-08-03 00:52 · Score: 2, Interesting

This story is only a story if your Network Admin knows nothing about network admin.
Plenty of places make their sysadmins set up the network hardware, but the problem is that we're sysadmins, not network admins. It's annoying as all hell, but the fact is that plenty of businesses will forego hiring a networking expert simply because they don't think they need to.

Given a network and adequate hardware, even I can point out what an appropriate topology would be for the setup, but I just don't know how to do it. I understand the concept of VLANs, routing, DHCP relay, etc., but I just don't know how to configure the hardware. I really wish I did, too, but on the same token I'd rather spend my time and effort working on hardware and OS level stuff and just be able to tell the network guru[s] how I'd like the connectivity to play out.

...To give you an idea of my networking ignorance: In spite of the fact that I know VLAN tagging is a modification to ethernet frames themselves (i.e., I know they're a subset of 802.3), I spent god knows how long trying to forward VLAN traffic over a wireless (or 802.11) connection. It wasn't until I called the VoIP provider that I realized what foolishness I had been pursuing for the better part of an hour :-P (In retrospect, if I had gotten EoIP to work in the first place like I had planned, it should have worked)

--
Boot Windows, Linux, and ESX over the network for free.
1. Re:Unfortunately, NetAdmin != Sysadmin by drinkypoo · 2010-08-03 01:34 · Score: 1
  
  Given a network and adequate hardware, even I can point out what an appropriate topology would be for the setup, but I just don't know how to do it. I understand the concept of VLANs, routing, DHCP relay, etc., but I just don't know how to configure the hardware.
  This stuff is NOT HARD until you get to multi-homing. So there's no excuse for not reading the documentation and just figuring it out. Static routing is really simple. VLANs are really simple. I got hired into Cisco as a lab admin and while I was there I and a coworker co-wrote a tool to permit people to reconfigure their own VLANs. We did it with Filemaker Pro on a Windows box and perl on a Linux one. It wasn't built for security, but it didn't matter in this context and it just goes to show how damned easy VLANs are. You assign ports to VLANs, done! If you don't have a layer 3 switch, you need a router (or firewall which is just a router with fancier ACLs) connected to the two VLANs with separate segments.
  If you can't RTFM and figure out how to configure the hardware, yea, even unto the Cisco crap that people are so inordinately proud of, then you're not a Systems Administrator. You're a server admin, or a lab rat.
  
  ...To give you an idea of my networking ignorance: In spite of the fact that I know VLAN tagging is a modification to ethernet frames themselves (i.e., I know they're a subset of 802.3), I spent god knows how long trying to forward VLAN traffic over a wireless (or 802.11) connection. It wasn't until I called the VoIP provider that I realized what foolishness I had been pursuing for the better part of an hour :-P
  There are, of course, ways to tunnel VLANs. Cisco in particular supplies "Cisco Fast EtherChannel" (also interoperably supported by HP and probably others) which allows you to bind multiple physical wires into a single logical connection, and atop it you may run "Inter-Switch Link (ISL) VLAN trunking" to carry multiple VLANs across such a channel (or just over a single physical connection.)
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
2. Re:Unfortunately, NetAdmin != Sysadmin by RulerOf · 2010-08-03 02:52 · Score: 1
  
  If you can't RTFM and figure out how to configure the hardware ... you're not a Systems Administrator. You're a server admin, or a lab rat.
  I very likely could. I've gone from clueless to fully functional on all sorts of applications through simple RTFM and sample setup maneuvers, but when it comes down to it, I think it makes the most sense to leave the network stuff to the network admins and the server stuff to the server admins. While I suppose you could be right---I've never heard an "official" definition of "Systems Administrator"---I've long considered "Network" Administrators to be the ones that handle, set up, and maintain the physical and logical aspects of network layout and connectivity, whereas "Systems" Administrators handle, set up, and maintain the payload that goes on that network (e.g. servers, desktops, printers, embedded devices, and sometimes VoIP hardware). I apologize if I've offended you, but I consider "server admin" to be a subset of my skills, and am far more capable than a "lab rat," though I admit I do highly enjoy testing things in a lab.
  
  I can set up static routes and have routed traffic between two networks and so on, but my point is that I'm not an expert at it. In a pinch I can get the job done, but I'd rather someone who understands routing, VLANing and so on more fundamentally than I do perform the configuration rather than myself, because I would trust that person's skill set more than my own.
  
  That said---and much like IPv6 vs IPv4---I've read plenty of documents and book chapters that detail the more sophisticated aspects of networking, but I have found them all to be lacking somewhere as I still don't understand what I'm actually doing when I attempt to configure real or virtual network hardware in a test environment; It just works. If you can point out a guide that explains VLANing to someone who is completely ignorant on the subject (for example, I don't understand how you can configure a switch port to be VLAN X, or just tagged, or what the difference there is, or when/how/what the difference is between VLAN settings on a switch port VS. on a NIC, and on and on), I would really like to see it, but I've never come across it yet, and I'd be quite grateful.
  
  ...for that matter, and speaking of IPv6, if you can similarly point out instruction for how it works targeted at someone who has a good functional understanding of IPv4, that'd be spiffy too. Similarly, everything I've tried to read simply doesn't explain things well enough and doesn't compare or contrast to IPv4 analogs.
  
  --
  Boot Windows, Linux, and ESX over the network for free.
3. Re:Unfortunately, NetAdmin != Sysadmin by egcagrac0 · 2010-08-03 04:19 · Score: 1
  
  Networks are systems. Systems are not always networks. It may take a sysadmin longer to figure out the wiggly details that a netadmin would just know (from specializing and doing it all day long), but it should not be impossible.
  Don't feel too bad; a lot of people don't understand why trying to do Wake-on-LAN to an IP address doesn't work for more than 15 or 20 minutes after power-off.
4. Re:Unfortunately, NetAdmin != Sysadmin by drinkypoo · 2010-08-03 05:33 · Score: 1
  
  I apologize if I've offended you, but I consider "server admin" to be a subset of my skills, and am far more capable than a "lab rat," though I admit I do highly enjoy testing things in a lab.
  My title has been "Lab Administrator" before so it would be hard to offend me here, and no offense was meant. I have no real idea what you're actually capable of. Still, I think we have to set some standards :p
  
  ...for that matter, and speaking of IPv6, if you can similarly point out instruction for how it works targeted at someone who has a good functional understanding of IPv4, that'd be spiffy too. Similarly, everything I've tried to read simply doesn't explain things well enough and doesn't compare or contrast to IPv4 analogs.
  Sorry, I haven't had to learn IPv6 yet so I have no idea where to look. It seems that the demand is pretty close to nil. I had a tunnel once but it caused more problems than it resolved so I abandoned it.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
You're ignoring the funny part by tkrotchko · 2010-08-03 00:53 · Score: 1

Read the comments below the article. They're far more entertaining than the article itself.

--
You were mistaken. Which is odd, since memory shouldn't be a problem for you
Dildos and Handcuffs in the Rest Room by Maarx · 2010-08-03 01:02 · Score: 1

Your argument makes about as much sense as complaining about the lack of dildos and handcuffs in the rest room, because how else can one play orgy games?
There's a few US Senators that would like to have a word with you.
DMZ by davidla · 2010-08-03 01:10 · Score: 2, Insightful

That's why you put it in it's own special little DMZ. Give it access to nothing but the Internet.
not only that the frimwere is tie to warranty / hi by Joe+The+Dragon · 2010-08-03 01:30 · Score: 1

not only that the frimwere is tied to warranty / high cost software maintenance planes. Even some of the printer that use a windows pc for rip and other stuff are locked down so you can't install windows updates no HP or who ever as to do them.
Relies on stupidity. by GrumpySteen · 2010-08-03 01:53 · Score: 2, Insightful

Everything in the article seems to require getting the user to download compromised code and run it on a game system. If you're stupid enough to download random software and run it, you're going to open yourself up to malware regardless of what OS or hardware you do it on.
Covered at Black Hat like 10 years ago... by Anonymous Coward · 2010-08-03 03:36 · Score: 1, Informative

This has been covered over and over again since at least the mid 90's. The times are changing and the consoles are different but it is the same concept.
http://www.geek.com/articles/games/black-hat-dreamcast-is-choice-console-for-information-warfare-2002082/
It's about employee rationale by tepples · 2010-08-03 04:44 · Score: 1

How about the games console just gets removed from the break room again?

How about key employees quit and go to a company that has a better stocked break room? Competition isn't just about keeping customers; it's also about keeping employees.
Restricted network by Cico71 · 2010-08-03 19:07 · Score: 1

Given that proper firewalling and DMZs should be in place, they should put it on a restricted network along with guests laptops and other devices that don't really need to be in the corporate network. Nowadays it's simpler to setup such an environment even using windows with NAP http://en.wikipedia.org/wiki/Network_Access_Protection
Much like Slashdot by Anonymous Coward · 2010-08-03 19:43 · Score: 0

I made a funny!