Security Basics mailing list archives

Re: Unauthorised switchport access


From: Aaron Howell <aaron_howell () ngenuity-is com>
Date: Tue, 14 Nov 2006 21:27:49 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

gary.shaw () dfpni gov uk wrote:
> Guys
>
> I am responsible for several LANs that include sharing WCs with
> other organisations, and therefore access to my 3750 switches in
> unlocked cabinets.

So you're granting the world physical access to your network...

> I have no port security enabled and the ports are not shut down.

And ignoring the controls that you could use to limit said access.

> I would like to know the security implications of having unused
> switchports available to anyone, e.g. with a laptop & DHCP configured?

Think about the security implications of someone with a laptop & DHCP
configured walking into your office and plugging into your network.

> Are there any simple pentests I could complete myself?

Sure, plug a laptop into one of your available switch ports and run
Nessus against your network. Simple as can be.

> Is my organisation's network a sitting duck??

Yes

> Thanks in advance!

You're quite welcome. I sincerely hope that this email was intended to
be a joke of some sort, especially considering that it's coming from
someone at The Department of Finance and Personnel for Northern Ireland.
If it isn't, I would suggest that you take whatever measures are
necessary to lock down those switches ASAP; at least put the unused
ports in shutdown, for Pete's sake. Of course, this won't stop someone
from simply unplugging one of the cables that is in use and plugging
their laptop in there, but at least then your monitoring system would
show the event (assuming that you have a monitoring system, and that
you monitor switch ports changing state, and that someone pays
attention to the monitoring system).

Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFFWqVV7MF9x9aUuGIRAtwLAJ44pJAMmZ6c/fczFJdrFtEh9zDuEQCfeu+1
GD+Lj8teEQ19rkZ4lI3Nyoc=
=C2T5
-----END PGP SIGNATURE-----
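
Added example (not part of the original message or thread): a small version of the port-state monitoring the reply refers to, flagging link-up on ports believed unused and quick down/up transitions on in-use ports. The log lines, hostname, port list, year and 5-minute window are constructed assumptions; only the %LINK-3-UPDOWN message format comes from Cisco IOS.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from the original post), using the
# IOS link state message format.
SAMPLE_LOG = """\
Nov 14 09:12:01 sw1 %LINK-3-UPDOWN: Interface FastEthernet1/0/7, changed state to down
Nov 14 09:12:40 sw1 %LINK-3-UPDOWN: Interface FastEthernet1/0/7, changed state to up
Nov 14 10:30:15 sw1 %LINK-3-UPDOWN: Interface FastEthernet1/0/22, changed state to up
Nov 14 11:05:00 sw1 %LINK-3-UPDOWN: Interface FastEthernet1/0/3, changed state to down
Nov 14 18:45:00 sw1 %LINK-3-UPDOWN: Interface FastEthernet1/0/3, changed state to up
"""

# Assumption: ports the administrator believes are unused (ideally shut down).
UNUSED_PORTS = {("sw1", "FastEthernet1/0/22"), ("sw1", "FastEthernet1/0/23")}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) .*%LINK-3-UPDOWN: "
    r"Interface (?P<port>\S+), changed state to (?P<state>up|down)\s*$"
)


def find_suspicious(log_text, unused_ports,
                    swap_window=timedelta(minutes=5), year=2006):
    """Return (timestamp, host, port, reason) tuples worth a human look."""
    findings = []
    last_down = {}  # (host, port) -> time the link last went down
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a link state message
        # Classic syslog timestamps carry no year; supply one (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["host"], m["port"])
        if m["state"] == "down":
            last_down[key] = when
            continue
        if key in unused_ports:
            findings.append((when, *key, "link up on port listed as unused"))
        elif key in last_down and when - last_down[key] <= swap_window:
            findings.append((when, *key, "down/up within window: possible cable swap"))
    return findings


if __name__ == "__main__":
    for when, host, port, reason in find_suspicious(SAMPLE_LOG, UNUSED_PORTS):
        print(f"{when:%b %d %H:%M:%S} {host} {port}: {reason}")
```

A reboot or a re-seated cable produces the same down/up pattern, so a finding is a prompt to check the cabinet, not proof of intrusion.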
