Security Basics mailing list archives
Re: Unauthorised switchport access
From: MaddHatter <maddhatt+securitybasics () cat pdx edu>
Date: Wed, 15 Nov 2006 01:27:10 -0800
gary.shaw () dfpni gov uk said (on 2006/11/14):
> From: gary.shaw () dfpni gov uk
> Subject: Unauthorised switchport access
>
> Guys, I am responsible for several LANs that include sharing WCs with other organisations, and therefore access to my 3750 switches in unlocked cabinets. I have no port security enabled and the ports are not shut down.
>
> I would like to know the security implications of having unused switchports available to anyone, eg with a laptop & DHCP configured? Are there any simple pentests I could complete myself? Is my organisation's network a sitting duck??
>
> Thanks in advance!
WCs... water closets?

If someone has physical access to your switches (and therefore the serial console), they can -- at the cost of a reboot -- have total and complete access to do anything from changing your switch configuration to loading a new (perhaps hacked?) version of IOS. Hopefully you would notice a switch reboot, but by that point it's too late for preventative measures.

So what damage can be done without rebooting? From what you describe, someone could plug in their laptop and have access to your network. If they didn't get network configuration information from DHCP, they could just try stealing IP addresses. Once on your network, they could start a rogue DHCP server, advertise malicious default routes, deplete the switch's ARP cache and try to sniff unencrypted network traffic, and so on. You don't need a "pentest" to see the risk involved.

Even if you can't do anything about the physical access, you can help yourself by:

- Shutting down ports that are not in use. This forces an attacker to unplug another device to gain access.
- Using port security. Even if the attacker unplugs something, they will not get network access.
- Enabling DHCP snooping and not giving DHCP leases to unknown devices. Even if the attacker manages to get on your network, the ability to cause damage is minimized.

I personally wouldn't stand for unauthorized physical access to my network infrastructure. It's as bad as, if not worse than, someone having unauthorized physical access to your offices and server room(s).

Best of luck.
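The three mitigations in the reply above (shut down unused ports, port security, DHCP snooping), written out as a Catalyst 3750 IOS configuration. This is an added, constructed example, not configuration posted by anyone in the thread; the interface numbers, VLAN 10 as the user VLAN, VLAN 999 as an unused "blackhole" VLAN, and Gi1/0/49 as the uplink toward the DHCP server are all assumptions to be adapted to the real switch.

```cisco
! Constructed example for a Catalyst 3750; interface and VLAN numbers are assumptions.
! Assumed layout: Gi1/0/1-24 in-use access ports, Gi1/0/25-48 unused,
! Gi1/0/49 uplink toward the DHCP server, user VLAN 10.

! 1. Shut down ports that are not in use (and park them in an unused VLAN
!    so that a later "no shutdown" by mistake still gives no user-VLAN access)
interface range GigabitEthernet1/0/25 - 48
 description UNUSED - administratively down
 switchport mode access
 switchport access vlan 999
 shutdown

! 2. Port security on in-use ports: learn one MAC address, make it sticky,
!    and err-disable the port if a different device is plugged in.
!    BPDU guard additionally err-disables a port where a rogue switch appears.
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable

! 3. DHCP snooping: only the uplink is trusted, so DHCP server replies
!    arriving on an access port (a rogue DHCP server) are dropped.
ip dhcp snooping
ip dhcp snooping vlan 10
! Option 82 insertion is on by default and many DHCP servers drop such
! requests from a non-relay; disable it unless your server expects it.
no ip dhcp snooping information option
interface GigabitEthernet1/0/49
 description UPLINK toward DHCP server
 ip dhcp snooping trust
interface range GigabitEthernet1/0/1 - 24
 ip dhcp snooping limit rate 10
 ! IP Source Guard: drop traffic from hosts with no DHCP snooping binding,
 ! which covers the "just steal an IP address" case.
 ip verify source

! Optional: recover err-disabled ports after 5 minutes; leave out if you
! would rather have each violation investigated and cleared by hand.
errdisable recovery cause psecure-violation
errdisable recovery interval 300

! Verification:  show port-security interface GigabitEthernet1/0/1
!                show ip dhcp snooping
!                show ip dhcp snooping binding
```

Apply this to a test port first: with sticky learning, the first device seen on each port becomes the permitted one, so a port that is already carrying the wrong device will lock that device in.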