Re: Switch security
From: Karl Levinson [x y] MVP (jamescagney90210@excite.com)
Date: 10/19/02
- In reply to: Altan: "Switch security"
From: "Karl Levinson [x y] MVP" <jamescagney90210@excite.com> Date: Sat, 19 Oct 2002 10:04:56 -0400
"Altan" <n@s.com> wrote in message
news:69ac01c276d3$37f5fc40$2ae2c90a@phx.gbl...
> I have been advised we should install a switch for
> security purposes. The reasons that I were given: So
> users can't crack the administrator's password, Hackers won't
> be able to create a backdoor on a user's computer and then
> access the network via that machine.
I agree with the other post. Switches are generally better than hubs for
performance and a little bit for security, but can be circumvented, and
I'm told rather easily. [Also, a computer or user can be tricked into
sending its password hash to another computer directly, in which case the
switch happily passes the hash to the intruder, as long as there's no
firewall in the path blocking it.]
It's more important first to make sure your computers are secured - all
service packs and patches, configured using one or more hardening checklists
such as the ones at www.microsoft.com/technet/security and www.nsa.gov etc,
antivirus that downloads updates daily, run vulnerability assessment scans
regularly, such as MBSA from www.microsoft.com/download and the free
languard network scanner from www.gfi.com, you might also want to enable
logging and auditing, use a file change checker like Languard file integrity
checker [free] at www.gfi.com under the white papers section, etc etc.
> Don’t you need administrator permissions in the first
> place to run programs like L0phtcrack? And how is the
No. You might need local administrator permissions on the computer in some
cases to enable or install a sniffer, but this isn't as hard as you think to
get.
> switch going to prevent a hacker from the internet getting
> access to computers on the network? We already have all
> ports blocked on the firewall minus 21, 23, 53, 80, 110, 443.
You just mentioned most of the common ports that hackers use to compromise
the network. Check www.Dshield.org or www.Incidents.org for stats. [I'm
surprised you need telnet 23 open.]
As far as I understand it, one of the most common scenarios for sniffing
passwords is an attacker exploits an unpatched vulnerability in an
internet-visible server, like a web, FTP, DNS, mail server etc., to gain
system-equivalent privileges. The attacker uses the vulnerability to
download a sniffer program and/or password cracker to the web server and can
potentially capture passwords, even if the network is switched. If your
password on the web server is the same as on your Windows domain, that could
be trouble. Other computers that are already connected to your web server
or are set up to trust your web server could also be trouble.
> I would like to know if installing the switch is
> advantageous for us besides and what those advantages may be.
It's not a bad idea and is usually inexpensive nowadays, though if it's not
inexpensive for you, it may be worth thinking twice about or putting on the
back burner.