Dead Zero

Here are two contrasting stories of network security for National Security Month. What follows does not depict real events or persons. In the business world, corporate data is protected by two separate, yet equally important groups: the Information Technology staff, who maintain systems, and management, which controls budget and strategy. These are their stories:

Scenario 1

“Zeus, this is Striker,” the hacker said, like this was some cool military mission. “You were right about that IP address from the port scan, and this should be easy.” The Java injection against the just-above-consumer-grade SonicWall got the hashed password. Let’s RDC to the mail server using the internal IP specified by the SMTP rule. Yep, same password for the domain administrator account. Score and owned!

Now add an account to the firewall with a special rule and port for backdoor access, just in case – it takes four steps and as many places to find, so it’s not likely to be discovered. Hide another admin account in AD and bury the hacking utilities some three folders down in Windows.

Time for the good stuff – make sure there is full access to all mailboxes and, as usual, Administrator has full permission to all files. Find the HR, Accounting, and Management folders and copy anything that looks promising. Whoops, there’s that password spreadsheet. [Grin] Bingo! We’re in the accounting system, and that account number list will help quite nicely.

That should be some good commission. Charlie, I mean Whiplash, has the employee list to get a decent return on stolen identities. Crackers can do the bank transactions and order spurious stuff from suppliers using the accounting data. And finally, Ohura can use Outlook Anywhere to copy or monitor anyone’s mailbox, using the website or LinkedIn to target the big-wigs first.

Scenario 2

“Zeus, this is Striker,” the hacker said, like this was some cool military mission. “Why are we looking at this one again?”

The firewall was enterprise server grade. Worse, the MX record showed that e-mail was hosted at Microsoft. Further, there was a CNAME for SharePoint that likely housed all the critical data; that was also at Microsoft. Ohura was dating a salesman there who was brain-dead and had no scruples about giving away company secrets, but his account only had access to his mailbox and some public sales literature. Even if it was the IT guy, his account wouldn’t have access to all the SharePoint data and mailboxes in the cloud.

I could spend a couple of nights hammering on this firewall, but what is there to go after? For sure, I don’t want to start going after Microsoft and have SWAT busting down the door the next day. “Zeus, let’s go after something with a payday.”