|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: finding undocumented external connections
torkel.thune
kreditkassen.no
Wed, 5 Aug 1998 11:44:33 +0100
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Andrew J. Luca: "RE: WORM file system for logging"
- Previous message: Godfrey_Curetoncca-int.com: "Re: Screening Outgoing Mail for Content"
- Maybe in reply to: Bruce B. Platt: "Screening Outgoing Mail for Content"
Another way to check for unauthorised modem user is to log all external
numbers going through you PBX and compare this file against a database of
known ISP numbers - then you have to pay the caller a visit.
We tried this and got some interesting results!
But be sure you have legal and management cover before you do this!
Another line of defence in your work with removing unauthorised connections
is to educate your IT Maintenance people to look for and report if they
find traces of such connections, e.g., loose cables connected to COM-ports,
change in configuration of the clients.......
Torkel Thune
"Stout, Bill" <StoutBpios.com> den 03.08.98 17:04:29
Send svar til "Stout, Bill" <StoutBpios.com>
Til: Firewall-wizards <firewall-wizardsnfr.net>
cc: (bcc: Torkel Thune/HK/CBK)
Emne: RE: finding undocumented external connections
Watch for unknown IP addresses on the net, or lots of traffic to one
node that may act as a gateway. To do this you need a monitor on each
local network (either sniffers, network probes, IDS, or other). Once
you see a foreign address, trigger a script to traceroute it, probe it,
identify it.
If your users add a modem to a PC, you won't see it from the network.
You can wardial each area-code/prefix, but you'll miss modems which are
not in auto-answer mode. Wardialers will catch users who created
dial-in access to your net (carbon copy, PC-anywhere, RAS, PPP/terminal
servers, etc). Requesting a copy of each offices' phone bill may be of
some help, but multiple departments may be paying separate bills.
Company policies help, if the directors and employees take them
seriously.
Bill Stout
> ----- Original Message -----
> From: Ng, Kenneth [SMTP:kenngkpmg.com]
> Sent: Friday, July 31, 1998, 8:01:08
> To: Stout, Bill
> Subject: finding undocumented external connections
>
> [To unsubscribe, send mail to majordomolists.gnac.net with
> "unsubscribe firewalls" in the body of the message.]
> -
> I have a question to those people who run large networks. Sorry this
is
> not directly related to firewalls, but I believe it to be reasonably
> close. If you have lets say a hundred or more offices, it becomes
> impratical to visit each and every one can conduct an audit of the
> network in that office. What methods are there for finding out if an
> office has set up an unauthorized connection to either the Internet or
> to another company? Currently the only way I know is to see if an
> unusual route shows up on the WAN. Yes I know that the best system is
> for people to report such connections, but if this was a perfect world
> we wouldn't need locks on our doors. Thank you in advance for your
> suggestions.
> ----- End Of Original Message -----
- Next message: Andrew J. Luca: "RE: WORM file system for logging"
- Previous message: Godfrey_Curetoncca-int.com: "Re: Screening Outgoing Mail for Content"
- Maybe in reply to: Bruce B. Platt: "Screening Outgoing Mail for Content"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:39 CDT