Security Basics mailing list archives

Re: Unauthorised switchport access


From: MaddHatter <maddhatt+securitybasics () cat pdx edu>
Date: Wed, 15 Nov 2006 01:27:10 -0800

gary.shaw () dfpni gov uk said (on 2006/11/14):
From: gary.shaw () dfpni gov uk
Subject: Unauthorised switchport access

Guys

I am responsible for several LANs that include sharing WCs with other organisations, and therefore access to my 3750 
switches in unlocked cabinets. 
I have no port security enabled and the ports are not shut down. 
I would like to know the security implications of having unused switchports available to anyone, e.g. with a laptop & 
DHCP configured? 
Are there any simple pentests I could complete myself?
Is my organisation's network a sitting duck??
Thanks in advance!

WCs... water closets?

If someone has physical access to your switches (and therefore
the serial console), they can -- at the cost of a reboot --
have total and complete access to do anything from changing your
switch configuration to loading a new (perhaps hacked?) version
of IOS. Hopefully you would notice a switch reboot, but by
that point it's too late for preventative measures.

So what damage can be done without rebooting? From what you
describe, someone could plug in their laptop and have access
to your network. If they didn't get network configuration
information from DHCP, they could just try stealing IP
addresses. Once on your network, they could start a rogue
DHCP server, advertise malicious default routes, deplete the
switch's ARP cache and try to sniff unencrypted network traffic,
and so on. You don't need a "pentest" to see the risk involved.

Even if you can't do anything about the physical access,
you can help yourself by:
 - Shutting down ports that are not in use
   This forces an attacker to unplug another device to gain
   access.
 - Using port security
   Even if the attacker unplugs something, they will not get
   network access.
 - Enabling DHCP snooping and not giving DHCP leases to unknown devices
   Even if the attacker manages to get on your network, the
   ability to cause damage is minimized.

I personally wouldn't stand for unauthorized physical access to
my network infrastructure. It's as bad as, if not worse than,
someone having unauthorized physical access to your offices and
server room(s). Best of luck.
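The three hardening steps MaddHatter lists above, written out as a Catalyst 3750 IOS configuration fragment. This is an added example, not configuration from either poster; the interface numbers, VLAN IDs and the choice of Gi1/0/48 as the uplink carrying the legitimate DHCP server are assumptions for illustration. It goes one step beyond the reply by also enabling Dynamic ARP Inspection, which reuses the DHCP snooping binding table to drop the ARP spoofing the reply warns about.

```cisco
! --- Step 1: administratively shut down ports that are not in use ---
! Parked in an unused VLAN so a re-enabled port still lands nowhere useful.
interface range GigabitEthernet1/0/20 - 47
 description UNUSED - disabled, see change ticket before enabling
 switchport mode access
 switchport access vlan 999
 shutdown
!
! --- Step 2: port security on the access ports that are in use ---
! One sticky MAC per port; a second MAC is dropped and logged (restrict)
! rather than err-disabling the port, so a visitor cannot knock out a
! legitimate user simply by swapping cables.
interface range GigabitEthernet1/0/1 - 19
 description User access port
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! --- Step 3: DHCP snooping, plus DAI built on the snooping table ---
! Only the uplink is trusted to send DHCP server messages (OFFER/ACK);
! a rogue DHCP server plugged into any access port is silently dropped.
ip dhcp snooping
ip dhcp snooping vlan 10
no ip dhcp snooping information option
ip arp inspection vlan 10
!
interface GigabitEthernet1/0/48
 description Uplink to distribution switch / DHCP server (ASSUMED)
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! Keep the learned MAC<->IP bindings across a reboot so DAI does not
! drop every legitimate host until leases renew.
ip dhcp snooping database flash:dhcp-snooping.db
```

To check that it took effect, `show port-security interface Gi1/0/1` reports the secured sticky address and the violation count, `show ip dhcp snooping binding` lists the host bindings DAI will enforce, and `show ip arp inspection statistics vlan 10` shows dropped ARP packets. The "don't give leases to unknown devices" half of step 3 lives on the DHCP server, not the switch, as MAC-based reservations or a deny-unknown-clients policy. None of this addresses the console-and-reboot problem in the reply's first paragraph; for that, Catalyst switches offer `no service password-recovery`, which prevents the boot-time password-recovery procedure at the cost of making a lost enable password unrecoverable without wiping the configuration, so weigh it against the cabinet actually being lockable.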
