Help me explain to my bosses why PC bridging is bad !

Unanswered Question
Jan 31st, 2007

Hi,

At my company we have a lot of wireless broadband connections that users can connect to from their laptops, whilst also being connected to the corporate network. The broadband connection is natted, but thats the only security there is.

I'm trying to convince my bosses that this is bad, but need seem examples of how this can make the network vulnerable.

I'm not a security guy, but I can see how this could be a problem.

Could some of you experts out there give me some ammunition to fire at my bosses please ?

Thanks

Lee

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mhellman Wed, 01/31/2007 - 10:02

Well, there is the issue of an attacker getting access to the wireless network --which I've heard happens from time to time;-). do you also only have NAT protecting the internal network? Maybe their thought process is "it doesn't suck any worse than our internal network security".

Do a little research on reverse shells. this link seems to be a good start:

http://www.plenz.com/reverseshell

lee.messenger Thu, 02/01/2007 - 01:27

Hi,

If the hacker gets access to the wireless network, could you explain what he could actually do ? This network only provides broadband Internet access and has no connection to the corporate net, other than through the PC.

The Internal network is protected by firewalls, prxy servers and a strict rulebase.

Thanks for the link, will take a look

Lee

mhellman Thu, 02/01/2007 - 06:16

"This network only provides broadband Internet access and has no connection to the corporate net, other than through the PC."

What do you mean "other than through the PC"? I mean, that's really the whole issue. A PC is just a few clicks away from becoming a router. You're network path used to look like this:

Internet<->Firewall<->Proxy<->Notebook

Now it looks like this:

Internet<->Firewall<->Proxy<->Notebook<->Wireless<->NAT gateway<->Internet

Because of mobility, notebooks often present other challenges as well. IME, they are not patched as timely as regular workstations. They are used away from work and in hostile environments, like hotels and airports, and tend to get infected with malware more frequently (i.e. surfing higher risk sites when I'm at the hotel...porn).

If I gain access to the wireless network, I would typically have unfiltered access to any nodes on the wireless network. In your scenario, that includes those higher risk notebooks which are also directly connected to your internal network (i.e. I completely bypasses all those carefully implemented firewalls and proxy servers you mention). If I can compromise one of those hosts, then I will likely have full network access to your internal network.

lee.messenger Thu, 02/01/2007 - 08:27

Thanks Mhellman, thats good info and explains the risks well, I have a meeting with my bosses next week so this will help me illustrate the risks to them

Lee

Actions

This Discussion