
eEye Digital Security Papers

 

Workplace security extends to employees' homes?
by Marc Maiffret

Most computer-savvy people have by now heard about cable modems. The technology behind cable modems might be a "tad" insecure itself, but for the average home user it is a cheap way to get fast Internet access. It is also a good way to provide a fast connection for employees to work from home, and that is where the problem starts.

When a user works from home on their cable modem, or any other connection for that matter, you are extending your network beyond the physical office and into your employee's home. So you might have top-of-the-line firewalls and other security implementations that secure your office networks but, as the saying goes, "A chain is only as strong as its weakest link." Even if an employee working from home does not connect to your network, valuable data is still held on his/her home computer that can lead to a compromise of your company's information.

There are a few reasons why cable modems were used as the example in this paper. The first is that they will be the most common way for people to work from home. The second is that cable modems are easier to map out, physically speaking.

For most areas there are subnets defined to correlate to a city. For example, the DNS address cx67099-x.phnx1.az.home.com tells us that the cable modem is located in the Phoenix, Arizona area. If an attacker lives in the city of the company he/she is trying to break into, it is relatively easy to find out the DNS address of a local cable modem and then start his/her scan.

Here is an example attack. The attacker lives in Beefcake, California. The company also resides in Beefcake, California. The general attack would be to first find the subnets allocated for Beefcake, California. You could do a quick social engineering call to the local cable modem sales office, but most likely the attacker would already know someone in the area with a cable modem. So now the attacker knows the subnets allocated for Beefcake, California. An example DNS name for one IP on one of the subnets would be something like cx67079-a.befcke.ca.home.com.

The attacker would now scan the subnets for common ports such as 139 (nbsession, file sharing). This would give the attacker cable modems that are using file sharing or Samba, depending on whether the remote computers run Windows or Linux. The attacker would try to find any computers on the subnets that he/she could penetrate and look to see if the owner of the computer system worked for the company he/she wanted to steal information from. Going into different break-in methods is out of the scope of this paper, but for the most part breaking into a home user's PC is not the hardest thing to do.

On a more direct approach, you could get the name of someone at the company who worked in the engineering department, for example, then make some phone calls to local ISPs and cable modem providers to see if the employee in question had an account with them. Once you found out whether the employee had an account with an ISP or had a cable modem, you could then pinpoint the range of subnets they might use when signed online or, if it was a cable modem, what their static IP is. One way to find out what range their dial-up IP might be in would be to send the employee an email and then look at the headers to see the IP address they used when they sent the return email. As any skilled hacker or security person knows, it's not hard to find someone's point of access to the Internet, if any.

Once you know it, you can attack their system, and for the common company employee it will not be hard to break into their machine or to send them a program that makes a man dance around their screen but really trojans their computer, giving you full access.

Some people might be reading this and thinking there are a lot of "If"s involved behind this or, possibly, that it can't happen. From personal experience of doing company security audits, I have on a few occasions, and even for a Fortune 500 company, gained vital information about a company by breaking into the home machines of the employees and not even having to bother with the company's networks themselves.

So what can be done about all this? You could make policies that say people cannot bring their work home etc., but then that would defeat the purpose of working from home. One of the best things you can do is to educate employees on safe practices. Make it a policy that work that is taken home must stay encrypted while not in use. Give them a day session on security basics.
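One check that fits such a security-basics session is to confirm that a home PC is not offering file sharing (port 139 and its relatives) on an Internet-facing address. The script below is an added example, not part of the original paper; it assumes Windows-style `netstat -an` output, and the sample listing and all addresses in it are constructed.

```python
import ipaddress

# NetBIOS name/datagram/session services and direct-hosted SMB.
FILE_SHARING_PORTS = {137, 138, 139, 445}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `netstat -an` output; all addresses are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.45:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.45:49712     198.51.100.7:443       ESTABLISHED
  UDP    203.0.113.45:137       *:*
"""

def classify(addr):
    """Describe how widely a socket bound to addr can be reached."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "all interfaces"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private LAN"
    return "public"

def exposed_file_sharing(netstat_text):
    """Return (proto, port, address, reach) for risky file-sharing sockets."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        # TCP rows matter only when listening; UDP rows carry no state.
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        if not port.isdigit() or int(port) not in FILE_SHARING_PORTS:
            continue
        reach = classify(host.strip("[]"))
        # A PC plugged straight into a cable modem holds the public address.
        if reach in ("all interfaces", "public"):
            findings.append((fields[0], int(port), host, reach))
    return findings

if __name__ == "__main__":
    print(exposed_file_sharing(SAMPLE_NETSTAT))
```

Any finding means the file-sharing service should be unbound from that interface or blocked by a host firewall before work data is kept on the machine.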

As stated earlier, your company's security is only as strong as your weakest link. By having people work from home you expand your company's network to employees' homes and must safeguard them as you do your office networks.

On a side note, one could also get into other parts of an employee's life such as their answering machine or voice mail.

 
