Ms. Configuration

Back at BrandName University we have a few students in the cafeteria studying for their classes. Everyone looks like they are keeping busy on their laptops, going over slides and research material. Some are reading their Facebook pages and checking their latest Twitter streams. Only a well-trained eye would be able to see that one of these students has positioned themselves in the corner of the room, able to see everyone while showing no one what they are doing. At first glance one may assume they are elbow deep in obscure porn. However, the only thing this student-looking person is massaging is wireless packets… and she’s good at it.

With her back to the corner, Eva is fitting in perfectly, wearing her white iPhone earbuds and listening to streaming music over the university’s open wifi network. She doesn’t really care what she’s listening to as long as she hears music; not because she is artful in the ears of a well-rounded audiophile, but because she’ll be alerted first hand if and when her wireless connection has been cut. On the first day she found BrandName she did a preliminary stealth scan to see how isolated the wireless network was. She didn’t want to waste her time if she was presented with a walled garden, and she wasn’t really looking forward to a generic student sign-in portal either, although in the past she’s had no problems finding a friendly male student to sign in for her. From her experience, targets are suckers for the slight chance of hope. This time she was in the mood for low-hanging fruit, and she had a feeling it was ripe for the picking.

She found this place wardriving around town, and over the last few days had gone from sitting in her vehicle for a few minutes in the sweltering heat to spending a few hours in the air-conditioned cafeteria. Before getting so comfortable she had ‘cased the joint’ a few times, noticing no security cameras anywhere. She saw some overweight security guy sitting at the front, but she never thought of going that way. There’s a security guy there for a reason and she didn’t want to give it to him. From the parking lot she saw a lot of people entering through the big side door without having to flash an RFID badge or swipe a magstripe and figured it was ‘normal activity’; she was overjoyed when she saw it was a common cafeteria where others co-mingled, ate and studied. Before planting herself she made sure she read the university’s website and had a gist of what her ‘student portrayal’ was in case anyone asked; it turned out no one really even noticed her coming and going. She hated talking with targets if it wasn’t completely necessary.

On this third trip, scavenging a network scan, she noticed that a new device had been placed on the network. She looked up the Organizationally Unique Identifier (OUI) using the device’s MAC address, and it was a Netgear switch of all things. Seeing the building was laid out with Cisco equipment, she found it peculiar that this low-end device would be on the network. She also noticed a handful of new machines connected to the Netgear and proceeded to fingerprint them. Two of them were servers (one 2003, one 2008R2) and one was an XP workstation. To her it looked like some foolish technician had set up a test environment on the production environment, plainly crossing the security boundaries set by the Cisco network infrastructure. There was no way she was going anywhere while this (mis)configuration existed. With her service scans she was able to see they all had RDP open as well as file shares available. Seeing security so lax, she figured that the machines would also be out of date on patches and fired up a vulnerability scan… she was right…

In this scenario, in terms of security, the light is on but clearly no one is home. The entity at large is a hodgepodge of asynchronous contracted and subcontracted offerings and implementations. With no one at the helm, a lot of things get missed and fall through the cracks, especially when it comes to plugging in rogue network devices. Such an environment would do a lot better under the purview of an Adaptive Network Access Control appliance such as the Milton Security Group’s Edge7200i, where every packet has a purpose.
