Corporate Networks and Security

20 07 2008

One would think that corporations would take the necessary steps to make their networks as secure as possible, because they deal with a lot of sensitive information. Well, for at least one particular company, that holds only partly true. Though just about everything requires a UID and pwd, the company has several shared resources and mapped drives with read access. These are normally hidden, and although the corporation's network spans Canada and the United States, security through obscurity seems to be its best defence. A simple NMAP of the network revealed all the shares, and browsing them showed that some sloppy admins had left their UID and pwd in some files. A second scan using the acquired credentials then gave access to secure information and drives, as well as to file servers, backup servers, routers, managed switches and security systems. Other problems arose because many systems had remote desktop enabled, and SSH and Telnet were also possible means of access. If someone had malicious intent, it would be extremely easy to control the entire domain network and cover his/her tracks using installed proxies and DNS poisoning attacks, which are extremely easy to implement in this particular network.

What would be the answer to the many security problems this corporation has?

Well, a few hints...

Enable program security by allowing only the programs that are actually needed to get the job done to run.

Another one would be to disable the USB ports for portable devices. These are two very easy solutions which can be done at the domain level through Active Directory.
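The finding described above, a UID and pwd left in files on readable shares, is something an administrator can check for directly. The following is an added example, not code from the original post: a Python audit run over a share's local path, where the key patterns, extension list and function names are assumptions chosen for illustration.

```python
import os
import re
import sys

# Heuristic for password-style assignments such as "PWD=..." or "password: ...".
# The key list is an assumption for this example, not an exhaustive rule set.
CRED_RE = re.compile(r"(?i)\b(pwd|passwd|password|pass)\b\s*[:=]\s*(\S+)")

# Only text-like files that admins typically leave on shares (assumed list).
TEXT_EXTS = {".txt", ".bat", ".cmd", ".ini", ".cfg", ".vbs", ".ps1", ".xml", ".config"}
MAX_BYTES = 1_000_000  # skip large files to keep the audit fast


def scan_file(path):
    """Return [(line_number, key)] for credential-like lines.

    The matched value is deliberately never returned or printed, so the
    audit report does not become a second copy of the secrets.
    """
    hits = []
    try:
        if os.path.getsize(path) > MAX_BYTES:
            return hits
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            for line_no, line in enumerate(fh, 1):
                match = CRED_RE.search(line)
                # Ignore empty assignments such as password="" or password=
                if match and match.group(2).strip("\"'"):
                    hits.append((line_no, match.group(1).lower()))
    except OSError:
        pass  # unreadable file: nothing to report for it
    return hits


def audit_tree(root):
    """Walk a share's directory tree and map relative path -> list of hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings


if __name__ == "__main__":
    for rel, hits in sorted(audit_tree(sys.argv[1]).items()):
        for line_no, key in hits:
            print(f"{rel}:{line_no}: plaintext '{key}' assignment, rotate and remove")
```

Any credential the audit reports should be treated as exposed and rotated, not just deleted from the file.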

 

Anyways, I had fun discovering what I had.

