[Dshield] General security question

Bjørn Ruberg bjorn at ruberg.no
Sun Nov 24 21:48:15 GMT 2002


>> I have found people who work for associate companies (i.e. auditors)
>> connect to our internal network.
>> They are served a valid dhcp address which then allows them to access
>> the Internet via a valid proxy server.
>> They are then using a piece of software which uses SSL to connect to
>> an outside SSL server (similar to a clientless VPN). They are then
>> able to transfer files to their machines into our network.
>>
>> This does not seem very secure to me but "the business" allows our
>> auditors to connect to our network and we do allow our internal users
>> http access to the Internet. Since this traffic is all valid, according
>> to our network structure (proxy, firewalls, etc), and because the
>> traffic is SSL I cannot see what is really happening. Can I take any
>> further steps to protect our internal network?

Denying write access secures your network from unauthorized users changing
or adding files (trojans?). But there is also the confidentiality aspect.

Protecting your internal network from people already on the inside is not
necessarily the task of the people responsible for the firewall (your
perimeters). If you are concerned about internal information, company
secrets etc. getting out through auditors, the persons responsible for
internal security did not do their job. If anyone on the inside wants to
get information out of your company's building, they will - be it
auditors, janitors or employees.

I would assume that the agreement between your company and the auditors
regulates transporting information out of your network. However, if
confidential information is publicly available on your network, perhaps an
audit is just what the doctor ordered.

Anyways, you should install a specified whitelist for your SSL proxy, thus
keeping track of where people establish such connections to. SSL
connections should be authorized by security management, who have been -
by you :) - made aware of the security hole an SSL tunnel represents.
Check out http://www.gotomypc.com/ for an example of how much potential
harm can be done through SSL. Would *you* want your employees to export
their desktop computers to an Internet web site?

Bjorn
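
An added example, not part of the original message: one way to keep track of where SSL connections go is to review the proxy's CONNECT entries against the approved list. It assumes Squid's native access.log layout; the allowlist entries, hostnames and log lines are constructed.

```python
from collections import defaultdict

# Assumed allowlist of approved SSL destinations (hypothetical names).
ALLOWED_SUFFIXES = ("bank.example.com", "partner.example.net")

# Constructed sample lines in Squid's native access.log layout (assumption).
SAMPLE_LOG = """\
1038174495.101    812 10.1.4.20 TCP_MISS/200 4312 CONNECT secure.bank.example.com:443 - DIRECT/192.0.2.10 -
1038174499.554  95021 10.1.9.77 TCP_MISS/200 881234 CONNECT tunnel.remote-desktop.example.org:443 - DIRECT/198.51.100.7 -
1038174501.003    120 10.1.4.20 TCP_MISS/200 2310 GET http://www.example.com/ - DIRECT/203.0.113.5 text/html
1038174510.900  40110 10.1.9.77 TCP_MISS/200 120331 CONNECT tunnel.remote-desktop.example.org:443 - DIRECT/198.51.100.7 -
1038174512.000     15 10.1.9.77 TCP_DENIED/403 0 CONNECT notbank.example.com:443 - NONE/- -
"""

def host_allowed(host, allowed=ALLOWED_SUFFIXES):
    """Match the host exactly or as a subdomain; a bare suffix test would
    wrongly accept 'notbank.example.com' for 'bank.example.com'."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)

def parse_connect(line):
    """Return (client, host, port, bytes) for a CONNECT entry, else None."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    host, _, port = f[6].rpartition(":")
    if not host or not port.isdigit():
        return None
    return f[2], host, int(port), int(f[4])

def unapproved_tunnels(log_text):
    """Summarise CONNECT requests (allowed or denied by the proxy) to hosts
    outside the allowlist: {(client, host, port): [count, total_bytes]}."""
    report = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        entry = parse_connect(line)
        if entry is None:
            continue
        client, host, port, size = entry
        if not host_allowed(host):
            report[(client, host, port)][0] += 1
            report[(client, host, port)][1] += size
    return dict(report)

if __name__ == "__main__":
    for (client, host, port), (n, size) in sorted(unapproved_tunnels(SAMPLE_LOG).items()):
        print(f"{client} -> {host}:{port}  connections={n} bytes={size}")
```
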




