[Dshield] General security question

Kenton Smith ksmith at chartwelltechnology.com
Mon Nov 25 16:43:49 GMT 2002


There are a whole bunch of issues wrapped up in these two paragraphs. From
what you are describing, the security seems to be pretty decent. At least
they are using SSL and proxies etc. Here's what I would be concerned about:
1. I'm not sure whether you mean that they can copy files to your network or
from your network, or both. If they have the ability to copy files to your
network, I'd be concerned.
2. What kind of security do they have in place to make sure that nothing
that happens on their network, i.e. viruses and worms, will infect yours?
Make sure (as has already been noted) that they have very limited write
access.
3. Why do they need to have this kind of regular access to your network
anyway? I don't know how much authority you have, but if you are responsible
for the security of your network, you should be able to ask this. If it was
my network I'd question why they can't just use FTP to transfer files, or
write them a CD every week or month or whatever frequency they need. It
sounds to me like they just want to have the easiest, least-effort way of
getting at stuff they need. If you have a security policy in your company,
does this fall within the guidelines of that? When we have auditors come in
to our offices, they never get access to the actual digital files. We
provide them with all the paper copies they want, but they never get direct
access to our files. Obviously someone higher up the chain has given them
this kind of permission, but if security is your responsibility you should
at least make it known that this is a concern of yours (I think it should
be).


Kenton Smith

P.S. It isn't Arthur Andersen is it? ;)

-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf Of
Vince Flammia
Sent: Friday, November 22, 2002 12:36 PM
To: list at dshield.org
Subject: [Dshield] General security question


I have found people who work for associate companies (i.e. auditors)
connect to our internal network.
They are served a valid dhcp address which then allows them to access
the Internet via a valid proxy server.
They are then using a piece of software which uses SSL to connect to an
outside SSL server (similar to a clientless VPN). They are then able to
transfer files to their machines into our network.

This does not seem very secure to me but "the business" allows our
auditors to connect to our network and we do allow our internal users
http access to the Internet. Since this traffic is all valid, according
to our network structure (proxy, firewalls, etc), and because the
traffic is SSL I cannot see what is really happening. Can I take any
further steps to protect our internal network?



