BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Security

Subject: [Discuss] Security
From: markw at mohawksoft.com (markw at mohawksoft.com)
Date: Wed, 2 Nov 2011 15:11:05 -0400
In-reply-to: <CA+h9Qs4g9hb2j4xv++-gEyhsMbfVUyEqzOE2QHZ5kS0PSN=XQQ@mail.gmail.com>
References: <0736ad51462870c3bb6311e908a7bb22.squirrel@mail.mohawksoft.com> <CALsBAkJB=E02NdtJe2vbbLy-cN1JMDTXVLDqN9YZu8j4jwfmhg@mail.gmail.com> <CAOTD2YSo+LZfPx1spuWqWR-f+jKZM18KEYiWbfvjtruTfZ4mKw@mail.gmail.com> <CA+h9Qs4g9hb2j4xv++-gEyhsMbfVUyEqzOE2QHZ5kS0PSN=XQQ@mail.gmail.com>

> Every Ethernet device has a unique MAC address. If you document
> every MAC address of all your company's legitimate systems and
> devices, then any unknown MAC address will be a rogue device.
> Tracking them down should then be fairly straightforward.

Little known fact, you can change the mac address in a good number of
devices.
>
>
>
> On Wed, Nov 2, 2011 at 2:19 PM, Matt Shields <matt at mattshields.org> wrote:
>> On Wed, Nov 2, 2011 at 2:05 PM, Gregory Boyce <gboyce at badbelly.com>
>> wrote:
>>
>>> On Wed, Nov 2, 2011 at 1:10 PM, ?<markw at mohawksoft.com> wrote:
>>> > At my work, here are a few vending machines. One of these machines
>>> has a
>>> > nice little antenna on it. Presumably, it communicates via cellular
>>> > network to the vendor in order to report on usage and supplies. Yes,
>>> good
>>> > idea. Cool.
>>> >
>>> > It occurs to me that this machine, most likely, did not have to go
>>> through
>>> > any vetting. Not only that, I bet the grunts that stock these
>>> machines
>>> are
>>> > hired more for strong backs and no criminal record.
>>> >
>>> > So, here we have a powered machine with external wireless
>>> connectivity on
>>> > the premises with no actual over site. It is there 24x7, powered!
>>> >
>>> > Think of all the cool/evil things you could put in a vending machine
>>> with
>>> > a wireless link. Imagine having direct access to a Linux box in
>>> almost
>>> any
>>> > company you want. You could run any software you want. You could have
>>> > wi-fi too. Could you break the company's wireless security? Could you
>>> > monitor their wireless communications? Could you eaves drop on
>>> > conversations near by?
>>> >
>>> > Everyone suspects the cleaning crew, and if you are interested in
>>> > security, you do background checks. Almost no one cares about the
>>> vending
>>> > machines.
>>>
>>> There's nothing that device can do to your wilreless network that a
>>> person with a directional antennae can't already do. ?As long as you
>>> don't plug it into your internal network, you're not worse off.
>>>
>>> As for the eavesdropping, you wouldn't need an obvious antennae for
>>> that. ?There could be a camera or microphone in older vending
>>> machines, televisions, coffee machines, fridges, ceiling tiles or even
>>> a cabinet. ?These could have less obvious antennas or hey, just have
>>> the recordings picked up occasionally during maintenance.
>>>
>>> There's an infinite number of things that "could" happen. ?You need to
>>> consider the likelihood and impact of those sorts of attacks. ?In most
>>> cases the likelihood is minimal. ?Impact is probably minimal as well
>>> unless its in the board room.
>>> _______________________________________________
>>> Discuss mailing list
>>> Discuss at blu.org
>>> http://lists.blu.org/mailman/listinfo/discuss
>>>
>>
>> I think his point was more that these "smart" vending machines are
>> becoming
>> more commonplace. ?Even these days companies put ethernet jacks in the
>> kitchen, so what *if* someone who was malicious put something inside a
>> vending machine and plugged it into your network. ?Or what if it had
>> camera/microphone, most people talk shop even in the kitchen.
>>
>> Speaking of that, I remember a few years ago a company I was at talking
>> about checking ethernet jacks periodically to make sure no devices were
>> plugged in that shouldn't be.
>>
>> Matthew Shields
>> Owner
>> BeanTown Host - Web Hosting, Domain Names, Dedicated Servers,
>> Colocation,
>> Managed Services
>> www.beantownhost.com
>> www.sysadminvalley.com
>> www.jeeprally.com
>> Like us on Facebook <http://www.facebook.com/beantownhost>
>> Follow us on Twitter <https://twitter.com/#!/beantownhost>
>> _______________________________________________
>> Discuss mailing list
>> Discuss at blu.org
>> http://lists.blu.org/mailman/listinfo/discuss
>>
>
>
>
> --
> John Abreau / Executive Director, Boston Linux & Unix
> Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
> PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>

References:
- [Discuss] Security
  - From: markw at mohawksoft.com (markw at mohawksoft.com)
- [Discuss] Security
  - From: gboyce at badbelly.com (Gregory Boyce)
- [Discuss] Security
  - From: matt at mattshields.org (Matt Shields)
- [Discuss] Security
  - From: jabr at blu.org (John Abreau)

Prev by Date: [Discuss] Security
Next by Date: [Discuss] Security
Previous by thread: [Discuss] Security
Next by thread: [Discuss] Security
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org