I'm still shocked at how little some admins know about their own networks. I often advise clients on the recon steps we take and suggest they do the same. For example, I've often been on sites that have clear and defined "no wifi" policies, yet during wireless LAN surveys paired with ARP discovery we often find they indeed have wireless access points all over the place, and worse yet, nobody seemed to know it. I'll often see old Unix servers still connected to the network and not documented anywhere. It usually turns out these servers haven't been used (or patched) for years; nobody bothered to unplug them or disconnect them from the LAN. Why? How can one possibly secure something if they don't know it's there? How can a security guard physically secure a building if said building has 10 doors and he only knows about 5 of them?
Keatron
Keatron Evans is a senior penetration tester and principal of Blink Digital Security, based in Chicago. He has more than 11 years' experience doing penetration tests, vulnerability assessments and forensics. Keatron regularly consults with and sometimes trains government entities and corporations in the areas of network penetration, SCADA security, and other related national infrastructure security topics. He holds several information security certifications including CISSP, CSSA, CEH, CHFI, LPT, CCSP, MCSE:Security, MCT, Security+, and others. When not doing penetration tests, you can find Keatron teaching ethical hacking and forensics classes worldwide.
We are giving away 15 copies of Keatron's book Chained Exploits: Advanced Hacking Attacks, which will be published in February. Go here for entry details.
Nobody likes to document
Nobody likes to document anything. It's a pain and leads to more pains.
Really?
I understand that, but documentation today is not what it was 10 years ago. The concept of automating documentation has come a long way. With all of the cheap and even free tools that give us acceptable levels of documentation, there's really not much of an excuse for not doing it. There's a slew of LAN surveying and LAN analyzing tools available. While documentation can be a pain, it is also a pain to recover from having security compromised that was enabled by an undocumented and unpatched node.
Security is a process, a mantra, and a way of thinking. A key part of any solid security program and process is documentation. Those who refuse to do it are going to have a bumpy ride over the next few years. One of the first things attackers look for when checking a target network for vulnerabilities is unpatched nodes. Nodes that go undocumented have a much higher chance of going unpatched. Those that go unpatched are usually a SURE and easy entry point.
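Both the original post (ARP discovery turning up undocumented nodes) and the reply above (automating documentation with cheap LAN-survey tools) come down to the same defensive check: reconcile what the network actually answers with what the inventory says is there. The script below is an added example written for this page, not code from Keatron or any product he mentions. It parses a constructed ARP-style listing (one `ip mac` pair per line, an assumed format), loads a constructed CSV inventory with a `last_patched` column, and reports hosts that are undocumented, documented but not patched since a cutoff date, or documented but not answering. The ARP output, inventory rows and hostnames are all made up for the example.

```python
"""
Reconcile ARP-discovered hosts against a documented asset inventory.
Added example; every sample value below is constructed, not captured
from any real network.
"""
import csv
import io
import re

# Constructed sample: an ARP-style listing, one "ip  mac" pair per line.
# Assumption: the tool emits IPv4 and MAC on the same line; extra columns are ignored.
ARP_SCAN_OUTPUT = """\
192.168.10.1    00:11:22:33:44:01
192.168.10.20   00:11:22:33:44:14
192.168.10.77   00:11:22:33:44:4d
192.168.10.200  00:11:22:33:44:c8
"""

# Constructed inventory (CSV): what the admins believe is on the LAN.
INVENTORY_CSV = """\
ip,mac,hostname,last_patched
192.168.10.1,00:11:22:33:44:01,core-gw,2024-01-15
192.168.10.20,00:11:22:33:44:14,fileserver,2023-11-02
192.168.10.77,00:11:22:33:44:4d,printer-3f,2019-06-30
"""

MAC_RE = re.compile(r"([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_arp_output(text):
    """Return {mac: ip} for every line carrying both an IPv4 address and a MAC.
    MACs are lower-cased so they compare reliably against the inventory."""
    hosts = {}
    for line in text.splitlines():
        ip_m, mac_m = IP_RE.search(line), MAC_RE.search(line)
        if ip_m and mac_m:
            hosts[mac_m.group(1).lower()] = ip_m.group(1)
    return hosts


def load_inventory(csv_text):
    """Return {mac: row} keyed on the normalized MAC address."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["mac"].lower(): row for row in rows}


def _ip_key(ip):
    # Sort numerically per octet rather than lexically.
    return tuple(int(octet) for octet in ip.split("."))


def reconcile(discovered, inventory, stale_before="2023-01-01"):
    """Classify each discovered host as undocumented, stale (last_patched older
    than the ISO-date cutoff), or ok; also list documented hosts that did not
    answer. ISO date strings compare chronologically as plain strings."""
    report = {"undocumented": [], "stale": [], "ok": [], "missing": []}
    for mac, ip in sorted(discovered.items(), key=lambda kv: _ip_key(kv[1])):
        row = inventory.get(mac)
        if row is None:
            # The kind of node the post describes: on the wire, in no document.
            report["undocumented"].append((ip, mac))
        elif row["last_patched"] < stale_before:
            report["stale"].append((ip, row["hostname"], row["last_patched"]))
        else:
            report["ok"].append((ip, row["hostname"]))
    for mac, row in inventory.items():
        if mac not in discovered:
            # Documented but silent: decommissioned, powered off, or moved.
            report["missing"].append((row["ip"], row["hostname"]))
    return report


if __name__ == "__main__":
    result = reconcile(parse_arp_output(ARP_SCAN_OUTPUT),
                       load_inventory(INVENTORY_CSV))
    for category, entries in result.items():
        print(f"{category}: {entries}")
```

Keying on MAC rather than IP is deliberate: DHCP churn changes addresses, but a MAC that is answering and absent from the inventory is exactly the undocumented node the thread is about. Run on a schedule, the `undocumented` and `stale` lists are the documentation gaps to close before an attacker finds them.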