There was a dude here at my work most of the morning pentesting our network. It’s actually kinda cool. I think that having someone enumerate the most obvious gaping holes in your security setup is a really good thing. Once you identify your biggest issues you can then start figuring out ways to fix them without breaking any existing functionality, and pissing off your users.
It’s sometimes hard not to open up security holes when you are the only person qualified enough to notice them, and security is not the company’s main priority but more of an afterthought. Often I wish I had someone here who could double check my work, point out my mistakes and hit me on the head with a blunt object if I somehow stupidly compromise security for the sake of functionality. And you know that this happens every once in a while.
I briefly talked to the guy and tried to see if we have any outrageous security problems. Fortunately he didn’t really find anything super scary. His biggest concern was that he could sniff out email passwords that were sent in plaintext over the network. Meh… I could have told him that if he asked. We just don’t have any encryption on our POP3 server – we never did.
My boss however was a little freaked out by that fact. I’m pretty sure I mentioned to him our email was unencrypted on numerous occasions. But I guess there is a subtle difference between telling someone: “Your email is unencrypted” and “Look here, I just found out your email password and just about anyone can do the same!”.
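The plaintext POP3 login described above is easy to confirm from your own side of the wire. Below is an added example (my own illustration, not the pentester's tool or anything from the original post): it walks a reconstructed POP3 client/server exchange and reports any USER/PASS or AUTH command that went out before the session was upgraded with STLS. The session text is constructed, and the password is masked in the finding so the check itself does not copy secrets into a report.

```python
"""Flag POP3 credentials sent before STLS (STARTTLS) was negotiated.

Constructed example: the session below is made up, not a real capture.
Only a reconstructed cleartext stream (e.g. from a TCP/110 capture) can
be scanned this way; bytes after a real STLS upgrade are ciphertext."""
import re

# (direction, line): "C" = client -> server, "S" = server -> client.
SAMPLE_SESSION = [
    ("S", "+OK POP3 server ready"),
    ("C", "CAPA"),
    ("S", "+OK"),
    ("S", "STLS"),          # server advertises STLS, client ignores it
    ("S", "."),
    ("C", "USER alice"),
    ("S", "+OK"),
    ("C", "PASS hunter2"),
    ("S", "+OK Logged in."),
]

CRED_CMDS = re.compile(r"^(USER|PASS|AUTH)\b(.*)$", re.IGNORECASE)


def mask(secret: str) -> str:
    """Keep the finding useful without reproducing the secret itself."""
    secret = secret.strip()
    return secret[:1] + "*" * (len(secret) - 1) if secret else ""


def find_plaintext_logins(session):
    """Return one finding per credential-bearing client command sent while
    the connection was still cleartext.  TLS counts as active only after the
    client sent STLS and the server answered it with +OK."""
    findings, tls_active, awaiting_stls_ok = [], False, False
    for direction, line in session:
        if direction == "C":
            if line.split(" ", 1)[0].upper() == "STLS":
                awaiting_stls_ok = True
                continue
            m = CRED_CMDS.match(line)
            if m and not tls_active:
                verb, arg = m.group(1).upper(), m.group(2).strip()
                if verb == "PASS":
                    arg = mask(arg)
                elif verb == "AUTH":      # record the mechanism, not the blob
                    arg = arg.split(" ", 1)[0]
                findings.append({"command": verb, "argument": arg})
        elif awaiting_stls_ok:
            tls_active = line.startswith("+OK")
            awaiting_stls_ok = False
    return findings
```

Any finding here means the mail client and server are exchanging credentials in the clear, which is exactly what a sniffer on the same segment will pick up; the fix is to require STLS or POP3S on the server and to configure clients accordingly.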
He also managed to change a password on one of the company laptops by booting some custom tool from the CD and nuking that stupid registry key. I’m sure that this must have looked like some mind shattering magic to some of the laypeople in the office but I did that kind of stuff with Knoppix STD so meh…
I said it before, and I’ll say it again. If you get screwdriver access to a machine then all bets are off. There is no good way of securing a machine from this type of attack.
I did learn, however, that wireless can be made moderately secure if you wrap your WEP or WPA encrypted packets in another encryption layer such as a clientless VPN, etc. This is something worth exploring.
I didn’t get much more than that from him. I’m wondering if he found some more interesting stuff that he didn’t tell me about. I kinda expected him to find some really obscure and dangerous little detail that I totally missed, but nothing like that happened. I guess I’ll just have to wait and see. Hopefully they will send us some nice report, or plan of action at some point…
Anyways, it was nice to actually have a technologically competent person at the office, even if it was only for a few hours.
[tags]pentesting, penetration testing, security, wep, wpa, email, encryption[/tags]