Hidden Backdoors? IT might be your admin
For now I'll just post a few common things I have seen over the years. The firewall settings section is not easy, and many of you might just take the simple path and allow just about anything to access any port. Listening or not, responding or silent, you have to assume they know what you know at all times.
Mix things up if you really want your efforts to pay off. Port 5900 is scanned, and so are 5901, 5902, 5903 and so on. Why use anything in the 5900 range at all if you know that is what MC use?
More details to follow, along with some simple yet very effective firewall settings that you can run. Your logs are going to be worth reading.
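As an added example that is not part of this post: a small Python script that reads firewall log lines (constructed sample lines in an assumed iptables-style layout, not real traffic) and flags any source that walks several ports in the 5900-5909 range, the scan pattern described above. A single hit on 5900 is noise; a walk across 5900, 5901, 5902 is what your logs should surface.

```python
# Added example (not from the original post): flag hosts that walk the VNC
# port range 5900-5909 in firewall logs, the scan pattern described above.
import re
from collections import defaultdict

# Constructed sample lines in an assumed iptables-style layout (not real
# traffic): timestamp, source IP, destination port, action.
SAMPLE_LOG = """\
2024-01-05T10:00:01 SRC=203.0.113.7 DPT=5900 DROP
2024-01-05T10:00:01 SRC=203.0.113.7 DPT=5901 DROP
2024-01-05T10:00:02 SRC=203.0.113.7 DPT=5902 DROP
2024-01-05T10:00:02 SRC=203.0.113.7 DPT=5903 DROP
2024-01-05T10:00:05 SRC=198.51.100.4 DPT=443 ACCEPT
2024-01-05T10:00:09 SRC=198.51.100.4 DPT=5900 DROP
2024-01-05T10:01:00 SRC=192.0.2.9 DPT=22 DROP
"""

LINE_RE = re.compile(r"SRC=(?P<src>[\d.]+)\s+DPT=(?P<dpt>\d+)")
VNC_RANGE = range(5900, 5910)  # 5900 plus display numbers 0-9


def vnc_ports_by_source(log_text):
    """Return {source_ip: set of VNC-range ports that source touched}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the assumed layout
        port = int(m.group("dpt"))
        if port in VNC_RANGE:
            hits[m.group("src")].add(port)
    return hits


def range_walkers(log_text, min_ports=3):
    """Sources that probed at least min_ports distinct ports in 5900-5909.

    One hit on 5900 alone is not reported; walking 5900, 5901, 5902... is.
    """
    return sorted(src for src, ports in vnc_ports_by_source(log_text).items()
                  if len(ports) >= min_ports)


if __name__ == "__main__":
    for src in range_walkers(SAMPLE_LOG):
        print(f"{src} walked the VNC port range")  # prints 203.0.113.7
```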
Network Security is a four-letter word for most IT administrators. Think about all the work you do to help the people on your network, and yet you leave that one four-letter word out of all your planning and designing.
What is the four-letter word I'm talking about? It's "HACK", and from this point forward this four-letter word will be referred to as "Net Mistake."
I have good reason not to use the Net Mistake word, and you will understand why it's not wise to mess with the Net Mistake groups. For one, most of them have more time than you do and know things you don't. They are our genius-level people who like the challenge. No matter who you are or what network you manage, one day someone will Net Mistake your network, and if you are lucky they will leave a mark that transfers to your brain.
Like you, I've read hundreds of hours of other people's stories, and I could share a few of my own with you, but then what would make this Network Security section different? Nothing, and that's why I'll be jumping directly into systems that needed to be reviewed.
Below the horizontal line I'll be posting reference material that I think might help you. The first thing you need to do is find a few tools to check your network; then create a basic network policy on paper, and then put it into action.
Example: guest accounts, meaning not your disabled Guest account but the people who from time to time work from your network without a domain login. How do you set up access for a visitor to your office?
Here are a few of my best guest account scenarios.
- Tell your guest to purchase their own internet access via a wireless carrier (telco).
- Build a guest network independent from your main network.
- Allow your guest to use a computer with no network privileges other than HTTP/HTTPS (ports 80 and 443).
- Tell your guest that your IT manager is out of town and you don't know how to set them up.
The best method is to never share your corporate network with anyone other than staff / employees. But many times we just can't do this and need to allow a few visitors access to a share, or to the internet and email. When you do this, think about what will happen after your guest leaves the building.
Story Time: A jewelry store allowed two visitors to connect to their internal network back in January. The visitors were friends of one of the employees. They enjoyed the speed of the network and downloaded a few files from online. While they were downloading, a virus detected the LAN and traversed over to the XP system that was used as their POS (Point of Sale). The virus embedded itself in the system and then relaxed a bit. The anti-virus program didn't detect anything. Six months later the anti-virus finally detected this virus on the POS system and started to shut it down. The instant the anti-virus attempted to shut down the active virus, a secondary virus was launched. The secondary virus was called "RANSOM"; the primary was a simple keylogger and backdoor trojan. That same week the jewelry store changed its name, owner and computer systems. They knew what happened but didn't know how or when it started.
We all have stories we can share, and I really don't mind reading about the unique ones. But what I would like to do is show you in real time the differences between secured networks and controlled networks.
The articles by topic are listed below. Never think you will not be hacked; you will one day. Just be ready to act quickly and to be smart about it when you are. When you receive an email from the XCtM Project 2.0 you'd best read it, because it's only 0.5 seconds old.
Network Security Resource Links