Guest Vic
Posted September 19, 2008

I noticed in Microsoft Windows Network a Mshome domain that shouldn't be there. Upon investigation I found that another business that rents office space in our bank installed a wireless router and plugged it into our router. I was able to track down the other business laptops and found that they were indeed getting IPs and DHCP from our (2003) network.

Other than the fact that their laptop security is out of our control, what other risks does having a wireless network in our routers pose?

Thanks!
Vic

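The check described in the first post, finding which machines took DHCP leases from the bank's server, sketched as an added example that is not part of the thread. It assumes the comma-separated layout of the Windows DHCP server audit log; the sample lines, the `KNOWN_MACS` inventory and the function names are constructed for illustration.

```python
import csv
from io import StringIO

LEASE_EVENTS = {"10", "11"}  # audit-log IDs: 10 = new lease, 11 = renewed lease

# Constructed sample lines (not from the thread). Assumed column layout:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,09/19/08,08:00:00,Started,,,
10,09/19/08,08:01:12,Assign,192.168.10.21,TELLER-01,001122AABB01
11,09/19/08,08:05:40,Renew,192.168.10.22,TELLER-02,00-11-22-AA-BB-02
10,09/19/08,08:19:45,Assign,192.168.10.88,TENANT-LT1,001A2B3C4D60
10,09/19/08,08:23:10,Assign,192.168.10.89,TENANT-LT2,001A2B3C4D61
11,09/19/08,12:19:45,Renew,192.168.10.88,TENANT-LT1,001A2B3C4D60
12,09/19/08,17:30:00,Release,192.168.10.21,TELLER-01,001122AABB01
10,09/19/08,17:31:00,Assign,192.168.10.90
"""

# Hypothetical asset inventory: MAC addresses of machines the bank owns.
KNOWN_MACS = {"00:11:22:AA:BB:01", "00:11:22:AA:BB:02"}

def normalize_mac(raw):
    """Return 12 uppercase hex digits, or None if the field is not a MAC."""
    digits = "".join(c for c in raw if c not in "-:. ").upper()
    valid = len(digits) == 12 and all(c in "0123456789ABCDEF" for c in digits)
    return digits if valid else None

def unknown_clients(log_text, known_macs):
    """Group lease events by MAC for every client missing from the inventory."""
    known = {normalize_mac(m) for m in known_macs}
    found = {}
    for row in csv.reader(StringIO(log_text)):
        # Skip the header, non-lease events and truncated rows.
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue
        mac = normalize_mac(row[6])
        if mac is None or mac in known:
            continue
        entry = found.setdefault(mac, {"hosts": set(), "ips": set(), "events": 0,
                                       "first_seen": f"{row[1]} {row[2]}"})
        entry["hosts"].add(row[5].strip())
        entry["ips"].add(row[4].strip())
        entry["events"] += 1
    return found

if __name__ == "__main__":
    for mac, info in sorted(unknown_clients(SAMPLE_LOG, KNOWN_MACS).items()):
        print(mac, sorted(info["hosts"]), sorted(info["ips"]), info["first_seen"], info["events"])
```

The `first_seen` value is only as good as the log retention: it marks the earliest lease in the text supplied, not necessarily the day the device was first plugged in.
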
Guest Malke
Posted September 19, 2008

Vic wrote:

> I noticed in Microsoft Windows Network a Mshome domain that shouldn't be there. Upon investigation I found that another business that rents office space in our bank installed a wireless router and plugged it into our router.
> I was able to track down the other business laptops and found that they were indeed getting IPs and DHCP from our (2003) network.
>
> Other than the fact that their laptop security is out of our control, what other risks does having a wireless network in our routers pose?

How ever did that happen?! Of course it is a tremendous security problem. And you run a bank?! With all that financial and personal information?! Here are just a few reasons this is a horrible situation:

1. Any infected machine on their network can infect your entire network, including your server.

2. If you've been so lax in your security, there's a good possibility that any shared resources on your network are available to people on their network. Which is now a shared network.

3. Aside from using up your bandwidth, you've opened yourself to data theft.

Don't you have an IT Dept.? You need to separate your network and secure it from any others. If you don't have an IT Dept. (hard to believe that a bank wouldn't), contract with a local professional security/networking firm to come and get you straightened out.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Guest Vic
Posted September 19, 2008

It happened when the renting business's IT department set it up that way unbeknownst to us.

"Malke" wrote:

> Vic wrote:
>
> > I noticed in Microsoft Windows Network a Mshome domain that shouldn't be there. Upon investigation I found that another business that rents office space in our bank installed a wireless router and plugged it into our router.
> > I was able to track down the other business laptops and found that they were indeed getting IPs and DHCP from our (2003) network.
> >
> > Other than the fact that their laptop security is out of our control, what other risks does having a wireless network in our routers pose?
>
> How ever did that happen?! Of course it is a tremendous security problem. And you run a bank?! With all that financial and personal information?! Here are just a few reasons this is a horrible situation:
>
> 1. Any infected machine on their network can infect your entire network, including your server.
>
> 2. If you've been so lax in your security, there's a good possibility that any shared resources on your network are available to people on their network. Which is now a shared network.
>
> 3. Aside from using up your bandwidth, you've opened yourself to data theft.
>
> Don't you have an IT Dept.? You need to separate your network and secure it from any others. If you don't have an IT Dept. (hard to believe that a bank wouldn't), contract with a local professional security/networking firm to come and get you straightened out.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> FAQ - http://www.elephantboycomputers.com/#FAQ

Guest Malke
Posted September 19, 2008

Vic wrote:

> It happened when the renting business's IT department set it up that way unbeknownst to us.

All the more reason to get a network/security professional team in there. This should never have happened. Since it did, you've got to protect your company now.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Guest Vic
Posted September 19, 2008

So, what I have done, and let me know if this will take care of the problem, is I've unplugged their wireless router from our network until I can contact their technical person (which will be my next call, pending your reply) and tell him to call someone to add network drops to their router and plug his wireless router into his own network switch.

"Malke" wrote:

> Vic wrote:
>
> > I noticed in Microsoft Windows Network a Mshome domain that shouldn't be there. Upon investigation I found that another business that rents office space in our bank installed a wireless router and plugged it into our router.
> > I was able to track down the other business laptops and found that they were indeed getting IPs and DHCP from our (2003) network.
> >
> > Other than the fact that their laptop security is out of our control, what other risks does having a wireless network in our routers pose?
>
> How ever did that happen?! Of course it is a tremendous security problem. And you run a bank?! With all that financial and personal information?! Here are just a few reasons this is a horrible situation:
>
> 1. Any infected machine on their network can infect your entire network, including your server.
>
> 2. If you've been so lax in your security, there's a good possibility that any shared resources on your network are available to people on their network. Which is now a shared network.
>
> 3. Aside from using up your bandwidth, you've opened yourself to data theft.
>
> Don't you have an IT Dept.? You need to separate your network and secure it from any others. If you don't have an IT Dept. (hard to believe that a bank wouldn't), contract with a local professional security/networking firm to come and get you straightened out.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> FAQ - http://www.elephantboycomputers.com/#FAQ

Guest Malke
Posted September 19, 2008

Vic wrote:

> So, what I have done, and let me know if this will take care of the problem, is I've unplugged their wireless router from our network until I can contact their technical person (which will be my next call, pending your reply) and tell him to call someone to add network drops to their router and plug his wireless router into his own network switch.

Not exactly. It's a good step, but I'd:

1. Have the security professional come in and take a look at your network.

2. Consider flattening/reimaging your workstations and server. You have no idea whether they've been compromised. The security professional - not theirs, yours - needs to make this determination.

3. If you aren't regularly imaging your workstations and server, you need to do this. Ditto for backups and creating a disaster recovery strategy.

4. I'm sure the security professional will also suggest that your server and networking equipment should be in a locked room accessible only to a very few authorized personnel.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Guest S. Pidgorny
Posted September 19, 2008

G'day:

Malke wrote:

> How ever did that happen?!

That happens sometimes when branch connectivity is outsourced. Nobody's protected from human mistakes.

> 1. Any infected machine on their network can infect your entire network, including your server.
>
> 2. If you've been so lax in your security, there's a good possibility that any shared resources on your network are available to people on their network. Which is now a shared network.
>
> 3. Aside from using up your bandwidth, you've opened yourself to data theft.

You are painting a doomsday scenario. For all that to happen, the systems must be insecurely configured and open to remote exploits. That is not always the case. IP networks of most large enterprises and government agencies are porous at best. Therefore controlled access to the IP network itself shouldn't be considered an important protection mechanism.

> Don't you have an IT Dept.? You need to separate your network and secure it from any others. If you don't have an IT Dept. (hard to believe that a bank wouldn't), contract with a local professional security/networking firm to come and get you straightened out.

Many banks outsource most of IT operations. And local offices are not allowed to engage 3rd-party security consultants. So the only course of action available to most of the bank staff is to locate the information security department (and the incident response group within it) and report a security incident. Vic has done a great job finding the problem and eliminating the immediate cause.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
http://sl.mvps.org http://msmvps.com/blogs/sp

Guest S. Pidgorny
Posted September 19, 2008

G'day:

Malke wrote:

> Vic wrote:
>
>> So, what I have done, and let me know if this will take care of the problem, is I've unplugged their wireless router from our network until I can contact their technical person (which will be my next call, pending your reply) and tell him to call someone to add network drops to their router and plug his wireless router into his own network switch.
>
> Not exactly. It's a good step, but I'd:
>
> 1. Have the security professional come in and take a look at your network.
>
> 2. Consider flattening/reimaging your workstations and server. You have no idea whether they've been compromised. The security professional - not theirs, yours - needs to make this determination.
>
> 3. If you aren't regularly imaging your workstations and server, you need to do this. Ditto for backups and creating a disaster recovery strategy.
>
> 4. I'm sure the security professional will also suggest that your server and networking equipment should be in a locked room accessible only to a very few authorized personnel.
>
> Malke

Disconnecting the wireless bridge may be the only option immediately available. Following your recommendations, however correct, will take time and probably need to involve more people making decisions. While investigations are pending and there is no evidence of systems' compromise and data theft, continuing business as usual is pretty much the only available option.

I would say, conceptually, that connectivity should go via bank-controlled router/switch to avoid situations like that.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
http://sl.mvps.org http://msmvps.com/blogs/sp

Guest Galen
Posted September 20, 2008

My reply is at the bottom of your sent message.

In news:OpBlhunGJHA.3548@TK2MSFTNGP05.phx.gbl, Malke <malke@invalid.invalid> typed:

> 2. Consider flattening/reimaging your workstations and server. You have no idea whether they've been compromised. The security professional - not theirs, yours - needs to make this determination.

As this is a financial organization they may also be under various regulations that require them to report this security breach and maintain evidence, depending on the region/country they are from. Other than that, I'd say that the first step, getting a team in there immediately as you suggested, is probably the best option.

--
Galen
My Geek Site: http://kgiii.info
Web Hosting: http://whathostingshould.be

"It is a capital mistake to theorize before you have all the evidence. It biases the judgment." - Sherlock Holmes

Guest S. Pidgorny
Posted September 21, 2008

G'day:

Galen wrote:

> As this is a financial organization they may be also under various regulations that require them to report this security breach and maintain evidence depending on the region/country they are from.

Disclosure is required only in situations where an actual breach has occurred. I cannot conclude that there was information theft based on the information at hand.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
http://sl.mvps.org http://msmvps.com/blogs/sp