The most common cybersecurity question most mid-tier companies ask is: “Are we vulnerable to hackers?” The answer in every case is, “Yes.”
This, of course, is not really the right question. The question they ought to be asking is: “How vulnerable are we to hackers?” or “How well are our security protections working?” To answer these questions, some security testing and some analysis are needed.
With that said, I can probably name three common security vulnerabilities and have a reasonable level of assurance that at least one of them applies to your office. These three deadly security sins make your organization hacker-friendly:
Problem #1 – Publicly accessible Ethernet LAN ports – during every security assessment / penetration test / Red Team engagement, the very first thing I do when I arrive at my client’s office is look for Ethernet ports (those small wall sockets where you can plug-in a computer network cable). In 9 out of 10 instances, these overlooked gems are active and put me right on the client’s network in the reception area–before I even step foot into their actual office space. A small, $5 “leave-behind” device (see picture of Raspberry Pi Zero below) can be plugged-in to the network to begin running attacks, which almost always results in at least domain-user access on the client’s network. Do you think receptionists ever notice me plugging into the network or question what I’m doing? I’ve never been caught doing this to date.
What to do? Ensure all publicly accessible Ethernet ports (those outside your controlled office space) are de-activated and regularly checked to ensure they’re not enabled. Better yet, remove them. Do you really need a LAN drop in your lobby? In my experience, Ethernet ports in a public space are seldomly used (for any legitimate business purpose).
Problem #2 – Guest WiFi networks interconnected with internal business network – almost everyone offers free WiFi to office visitors. Security-conscious organizations attempt isolate their guest WiFi from their internal business networks. Nevertheless, I regularly find “guest” WiFi networks that allow me to access a client’s internal business network. What can I do with that? Potentially, I can find shared files and unprotected systems (like point of sales machines). I can also run all the attacks I would typically do from an office Ethernet drop with the added bonus of not even having to be in the office itself.
What to do? Enable the “guest network” feature on your wireless access points and check to make sure it provides Internet access only. If your wireless network doesn’t support a guest network and providing this service is important to you and your clients, consider buying a separate internet connection with separate WiFi access points.
Problem #3 – Exposed USB ports – would you allow an unknown visitor in your office to sit down at your receptionist’s computer and start exploring your network? Probably not. But leaving USB ports exposed where unscrupulous office visitors can plug devices into them can leave you vulnerable to a wide variety of hacker attacks, including stealing passwords from your network even while your computer’s screen is locked (see: http://arstechnica.com/security/2016/09/stealing-login-credentials-from-a-locked-pc-or-mac-just-got-easier/).
What to do? Consider USB ports an IT asset that needs protecting. Make sure your receptionist’s computer is in a locked cabinet and that point of sale devices are in a protected enclosures (i.e., don’t expose USB ports to the general public).
About PLEX Solutions
PLEX is NSA accredited in cybersecurity vulnerability assessment and delivers a wide range of cybersecurity, engineering, technical expertise and mission critical solutions to Department of Defense, Federal Civilian agencies and commercial customers. Headquartered in Bethesda, Maryland, PLEX’s expertise and commitment to quality services are critical in meeting the missions of our customers.
By Terry Bradley, Vice President at PLEX