
Breaking into corporate enterprises, governments etc.

  • 17-01-2015 11:54am
    #1
    Registered Users, Registered Users 2 Posts: 1,977 ✭✭✭


    Firstly, please don't make assumptions about me or my motives, but I am curious as to how potential attackers would get IP addresses of target networks...

    I know many things about this area (it's an area I am constantly close to due to working in the industry) - what baffles me is the idea that companies or organisations like these would host email or their website on their own DMZ zones on their own networks....even for files these days and the benefits of the cloud (with encrypted data of course)...so, where do they get IP addresses? What kind of machines are exposed to the internet that are directly connected to sensitive internal networks?

    I know that you have factors like ERP systems and the like but you're talking about VPNs there and finding the IP address of mobile computers?

    I know that money is always going to be a factor but I imagine that's where the price is based "somewhat" to get the business for these hosting companies? Plus the likes of expertise and redundancy you get with some of the bigger companies.


Comments

  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    From the inside.

    Send a malformed PDF to some low-level monkey, they open it, infect the machine. Boom, you have a breach within the LAN (firewall isn't much use then).


  • Registered Users, Registered Users 2 Posts: 11,205 ✭✭✭✭hmmm


    IP addresses are available publicly.

    Just because you move something into the cloud doesn't make it secure - you're only swapping one set of risks for another. Cloud services don't care about your security as much as you do, you have little visibility as to what they are doing and when things break you'll end up trying to contact someone rather than getting on with fixing it yourself.


  • Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    IP Addresses have WHOIS information. It would be very easy to find one's mail server IP address.

    The benefits of using cloud services only go so far. You lose control, surveillance requests etc don't go through you etc. The security requirements of a healthcare provider would be different to the requirements of say, a waste management agency.

    The only way to prevent attacks is not to have it accessible via the internet or on machines that access the internet, unfortunately.


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    It's more than whois.

    There are the BGP routing tables which list the IP ranges held by large organisations.
    http://bgp.he.net/AS32934#_asinfo

    Getting the IP address of the network gateway / proxy shouldn't achieve much though.

    As for the cloud stuff, there's pluses and minuses.
    Using a cloud front-end and a company owned back-end works for some.

    Microsoft make sure their 365 servers are patched more consistently than the average business, but if you have to, by law, do your utmost to ensure recall notices don't get lost, then some generic Microsoft 365 / Google Apps spam filter mightn't be for you.

    They are finally getting around to making containers for your garden variety operating systems, so maybe by Windows 11, Microsoft Word won't have roughly the same permissions as its user to access the file server.


  • Closed Accounts Posts: 5,756 ✭✭✭demanufactured


    With big companies using the likes of MPLS WANs it would be damn near impossible to break into their networks...and even if you did....you'd be found out very quick.


  • Registered Users, Registered Users 2 Posts: 81,220 ✭✭✭✭biko


    Read Kevin Mitnick about social engineering. You're probably going to have less hassle that way.


  • Registered Users, Registered Users 2 Posts: 14,012 ✭✭✭✭Cuddlesworth


    With big companies using the likes of MPLS WANs it would be damn near impossible to break into their networks...and even if you did....you'd be found out very quick.

    The larger the network, the easier it becomes for mistakes to happen and backdoors to appear. It costs nothing to keep a botnet running scans. But social is always the best option.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,565 Mod ✭✭✭✭Capt'n Midnight


    Leave a USB key in the carpark in the morning, chances are someone will take it in and stick it in a machine.

    The device could use a light sensor to figure out when the office was empty and switch over to evil mode.

    Worst case is that the USB controller on the motherboard gets reprogrammed. And in much the same way that warts hide from the immune system by staying on the outside, AV scans and BIOS upgrades can't reach a controller that might only be programmable from the USB port.

    Link may be blacklisted at work
    https://srlabs.de/badusb/
    Reprogramming USB peripherals. To turn one device type into another, USB controller chips in peripherals need to be reprogrammed. Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming.

    BadUSB – Turning devices evil. Once reprogrammed, benign devices can turn malicious in many ways, including:

    A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
    The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
    A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.
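
Added example (not part of the original post or the quoted SRLabs text): one way a defender could screen USB enumeration records for the keyboard and network-card behaviours listed above. The record layout, port names and vendor:product IDs are constructed for illustration; the class codes are the standard USB interface class numbers.

```python
# Flag USB enumerations that match the BadUSB behaviours quoted above.
# Interface classes are standard USB codes; the event records are constructed.
HID, MASS_STORAGE, CDC, CDC_DATA, WIRELESS = 0x03, 0x08, 0x02, 0x0A, 0xE0
NETWORK = {CDC, CDC_DATA, WIRELESS}  # classes used by USB network adapters

def is_keyboard(iface):
    cls, _sub, proto = iface
    return cls == HID and proto == 1  # HID interface protocol 1 = keyboard

def review(events):
    """events: dicts with 'port', 'id' (vid:pid) and 'ifaces'
    [(class, subclass, protocol)]. Returns (port, reason) findings in order."""
    findings, last_seen = [], {}
    for ev in events:
        classes = {i[0] for i in ev["ifaces"]}
        kbd = any(is_keyboard(i) for i in ev["ifaces"])
        if MASS_STORAGE in classes and kbd:
            findings.append((ev["port"], "storage device also presents a keyboard"))
        if MASS_STORAGE in classes and classes & NETWORK:
            findings.append((ev["port"], "storage device also presents a network adapter"))
        key = (ev["port"], ev["id"])
        prev = last_seen.get(key)
        if prev is not None and prev != classes:
            findings.append((ev["port"], "same device re-enumerated with different classes"))
        last_seen[key] = classes
    return findings

# Constructed sample: a thumb drive on port 1-2 that later comes back as a
# keyboard, an ordinary keyboard on 1-4, and a drive+keyboard composite on 1-3.
SAMPLE = [
    {"port": "1-2", "id": "abcd:0001", "ifaces": [(0x08, 0x06, 0x50)]},
    {"port": "1-4", "id": "abcd:0002", "ifaces": [(0x03, 0x01, 0x01)]},
    {"port": "1-2", "id": "abcd:0001", "ifaces": [(0x03, 0x01, 0x01)]},
    {"port": "1-3", "id": "abcd:0003", "ifaces": [(0x08, 0x06, 0x50), (0x03, 0x01, 0x01)]},
]

if __name__ == "__main__":
    for port, reason in review(SAMPLE):
        print(port, reason)
```

The re-enumeration rule keys on port plus vendor:product ID, so a device that also changes its ID when it switches personality would only be caught by the composite-class rules.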


  • Registered Users, Registered Users 2 Posts: 20,194 ✭✭✭✭jimgoose


    Do a Bill Adama on it. Forget about computers and networks altogether.


  • Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    Solution: Put silicon in the USB ports and disable them in Windows.

