Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


THWARTING HACKER TECHNIQUES: NETWORK SECURITY - YOU SHOULD KNOW JACK

Source: Information Security Magazine

Posted on February 1, 2005

      There it is... that little jack on the wall that's connected to a world of information, ranging from the Internet to your company's payroll system. One click of a network cable into the jack and they're on their way! Who, you might ask? Let's start with the curious one who finds an active network jack in a nice, quiet conference or training room. What are the real issues with this, and how do you combat them?

      Private facilities have always had an advantage over public facilities, in that they are easier to physically secure. Public areas, such as hospitals, universities and libraries, can be a real challenge to secure because of the lack of physical security. Public or private, there will always be some level of security risk wherever a network jack is active. Classrooms, communications closets and conference rooms are a few of the problem areas commonly found unlocked and accessible to anyone curious enough to peek inside.

      Let's get down to the real issue. Suppose a hacker connects a laptop to a network jack in your building. Most network jacks are active, meaning they are connected to a functioning piece of network equipment. If you are running a DHCP server, which hands out IP addresses to any device that is plugged into the network, one will be handed to the hacker's laptop as well. If DHCP is not used, the hacker can simply launch a sniffer and find an unused IP address for his laptop.

      Once connected, a few simple commands can locate some of your key servers, after which the enumeration of user accounts and services begins. In a matter of minutes, passwords will likely be compromised, a service or two may be exploited and the game is over. You've now got a real mess on your hands.

      What do you do? There are a couple of ways to help prevent hackers, or even vendors and contractors for that matter, from connecting computers to your network when they find a network jack. One thing you can do is disable network jacks in conference rooms and classrooms until people need them. Keeping these rooms locked whenever possible is another best practice. A third defense is to require your network switches to only allow network cards with specific addresses, called MAC addresses, to connect to your network.

      Every network card is programmed with a unique MAC address, which can be altered via spoofing software. Even more stringent is the option of configuring network servers to require a valid computer certificate before a user can logon. Keep in mind, if you want to keep unauthorized people from using computers already connected to your network, such as classroom PCs, you should enforce bootup and screensaver passwords to lock the PC at both ends, as well as requiring a user certificate. To learn more about certificates, contact a vendor of Public Key Infrastructure systems, such as RSA or Microsoft.

      Most of the above recommendations require the involvement of server and network administrators, who may or may not immediately see the value in these changes until you explain the reality of these security risks.

      Active network jacks are the entrance to a hacker's playground, and can result in a major cleanup effort if ignored.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.