security concerns with cable splitters

[NSweaney at tulsacash.com (Nathan Sweaney)]

The sensitive data is encrypted, but if a user surfs to
http://www.google.com, an attacker with the ability to inject packets
could easily add an exploit to the page.  Assuming the exploit payload
was a reverse shell that connects over 443 back to the attacker's evil
server, now that attacker has a foothold on the network.  Even if our
IDS caught an obvious exploit, the attacker could inject the BeEF code
which wouldn't likely be detected.

But that's only possible IF the attacker can intercept/inject packets
over the coax.  

In other words, I'm not so much concerned about the data that's leaving.
It's good.  I'm concerned about allowing an attacker in which could
eventually lead to gaining access to the data before it is encrypted.


-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Josh Olson
Sent: Thursday, April 02, 2009 3:17 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] security concerns with cable splitters

On Thu, Apr 2, 2009 at 4:10 PM, Nathan Sweaney <NSweaney at tulsacash.com>
wrote:
> All sensitive data is encrypted, but I'm concerned that if the 
> attacker is able to intercept/inject packets, he could infiltrate the 
> system using something like BeEF of any old exploit that would then 
> let him pivot & attack the data from the inside before it gets
encrypted.

Maybe I'm misunderstanding what you're saying here. But it seems like
the data should be encrypted before it reaches the cable modem on the
way out. This based on the assumption that the cable modem is plugged
into some sort of router, and all sensitive traffic is encrypted
(through some other means) prior to routing.
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com