Wayne Gifford - Internet Commerce Group wrote:
>
> >
> > Folks,
> >
> > Windows95 Workstation on a private network (supposedly secure) with dial-up
> > PPP to the internet.
> >
> > I assume that windows 3.11,NT and 95 can forward packets from the PPP link to
> > the local network, thereby acting as a router and exposing the private network
> > to the internet.
> > Can anyone give me some specific examples of this ocurring and the security
> > effects or point me at a RFC or whitepaper to read?
> >
> >
> Attaching modems directly to a workstation connected to a network
> would be a Bad Thing (TM). Even if IP forwarding and you aren't routing
> is turned off you have exposed an unprotected node to the outside.
Though it is possible for the unprotected node to be attacked, can any one
give any specific examples in a Windows environment ? E.g. if the user
did not have any file sharing, is there any known bug in Windows/Workgroup/
Win95 that allow another person over the Internet to place anything into
the hard disk of the dial-up user ? Also, the IP address of the dial-up
user is allocated by the ISP and change from time to time, how can it be
possible for a hacker to leave a back door and come back again ?
> If someone can log in from the outside while you are connected or
> happens to find your modem's phone number, you've been breached.
>
If I have the auto-answer of my modem turned-off, is this still true ?
Finally, there was a posting previously from Herold Becky on a similar
issue. In his summary of the responses that he had received -
> * Since IP is a two-way protocol, someone could gain access to the dial-out
> PC hard drive (and any networked system) during the dial-out session. This
> is true even when using the non-DID line (which basically protects against
> war-dialers in the event the dial-out user leaves the modem on all the
> time).
I've been trying for a long time looking for the details of how break in can
be achieved through this kind of dial-up connection but to my disappointment,
almost all discussions were TOO GENERAL. I think I need more information to
convince TOP management and myself that this kind of dial-out internet
connection is in fact dangerous before we can lay down some guidelines
and enforce it.
When people are talking about risk about dial-up modems, there are many
many different cases with different level of risks.
e.g. a PC in the office with modem connected and pcANYWHERE installed
and configured to wait for remote control from the home, so that the
employee can use the resources in the office from his home is ABSOLUTELY
dangerous ! However, I think it is quite a different question to allow
a dial-up Internet access using PPP.
(Mind this ! The advertising pamphet is advertising this feature of
pcANYWHERE ! Also, for Win95, MS Plus includes a Dial-Up Networking
Server which can also do that ! How to control these without going
physically there to inspect !!! Using SMS or other remote management
s/w to scan for this kind of s/w ?)
I am now urgently looking for details of these dial-up risks so that
I can put up a security policy, would anyone please give more specific
details on this risk.
E.g.
1. On what OS (Windows 3.1/Workgroup/Win95/OS2) and what TCP/IP
stack (MS/Wollongong/Chameleon etc.) can IP routing occur ?
2. Will the workstation exposed to attack if no file sharing ?
Thanks to all,
Vinci.
Follow-Ups:
References:
|
|
