Expected Threats

The principal threat in teleworker connections is the lack of physical or network controls. Today's home user LAN can look like the one shown in Figure 15-1.

Figure 15-1. Typical Home Network

Likely, the only piece of equipment controlled, even partly, by your organization is the teleworker system. In the design shown, for example, every frame the teleworker system sends is visible to the other systems connected to the hub, because a hub repeats traffic out every port. Anyone who associates with the (likely insecure) wireless LAN (WLAN) access point (AP) can send traffic to the teleworker system directly. If the teleworker system uses the WLAN AP for most of its connectivity (not uncommon), every packet it sends can be viewed by anyone able to receive the WLAN traffic.

Insecure as the home LAN is, it is far better than the connectivity a teleworker might use at an airport. There, competitors, attackers, and other curious individuals share the same network segment and can be directly connected to one another.

The likely attacks encountered by the teleworker are oriented around attackers attempting to get direct access to the system, use the system as a launch pad to access the corporate network, or infect the system with a virus that later might infect the corporate network. Table 15-1 shows the threat list from Chapter 3, "Secure Networking Threats," tuned to represent likely attacks for teleworkers.

Table 15-1. Teleworker Threats

Threat                                Detection Difficulty   Ease of Use   Frequency   Impact   Overall
Direct access                                  3                 5             5          3        40
Virus/worm/Trojan horse                        3                 4             5          3        38
Remote control software                        5                 3             3          4        36
Probe/scan                                     4                 5             5          1        33
Identity spoofing                              4                 3             1          5        33
War dialing/driving                            5                 3             2          4        33
Sniffer                                        5                 3             3          3        32
Buffer overflow                                4                 3             3          3        31
Rogue devices                                  3                 1             2          5        31
Rootkit                                        4                 2             2          4        30
TCP spoofing                                   5                 1             1          5        30
Distributed denial of service (DDoS)           3                 2             2          4        29
Man-in-the-middle (MITM)                       4                 1             1          5        29
Transport redirection                          4                 3             2          3        28
Smurf                                          3                 4             1          3        26
ARP redirection/spoofing                       3                 2             1          4        26
Application flooding                           4                 5             1          2        25
Web application                                3                 3             1          3        24
TCP SYN flood                                  3                 5             1          2        24
Network manipulation                           2                 3             1          3        23
IP redirection                                 2                 1             1          4        23
MAC spoofing                                   3                 1             2          3        23
UDP spoofing                                   5                 3             1          2        22
Data scavenging                                5                 4             1          1        20
IP spoofing                                    2                 4             2          1        20
MAC flooding                                   3                 1             1          3        20
STP redirection                                3                 1             1          2        16

In the list, direct access is the most common attack because a teleworker PC often is not protected by any form of network infrastructure. This lets an attacker communicate with the PC on any port or protocol, with only the security of the local applications to protect the device. As in the previous two chapters, viruses, worms, and Trojan horses are always present, making host protections such as antivirus essential. Also, if you have ever run a firewall on a home connection, you know that your IP addresses are scanned frequently from any number of locations around the Internet. If your host is adequately hardened and protected, these scans are little to worry about, because would-be attackers find plenty of easier targets. Similarly, remote control software can be installed through many different mechanisms, including direct access or a virus, the number one and number two attacks in the list.

Identity spoofing is a common attack against teleworker PCs that share some resource with the network. Windows shares, a Secure Shell (SSH) daemon, and other accessible services frequently are attacked with default or weak passwords in an attempt to gain access to the system. A deliberate attacker targeting a specific resource is likely to be much more diligent. Finally, war driving is an increasingly common attack now that many broadband-connected homes have 802.11 WLAN access. Because the majority of this access is secured poorly, if at all, it gives attackers free Internet access at best and direct access to your users' data at worst.
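The two preceding paragraphs describe what a teleworker's host firewall log actually fills up with: broad probes and scans from many sources, and repeated hits on a single shared service (SSH, Windows file sharing) that suggest password guessing. The following script, added here as an example and not part of the book, separates the two from netfilter-style LOG lines. The log lines are constructed (iptables "LOG" target field layout, trimmed to the fields used), and the thresholds and the LOGIN_PORTS set are illustrative assumptions rather than recommended values.

```python
"""Sort hostile sources in a host firewall log into scans, login hammering and background noise.

Added example, not from the book. Sample log lines are constructed in the
netfilter LOG target style (SRC=, DST=, PROTO=, DPT= fields); thresholds are assumed.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# Services where many hits from one source suggest password guessing (assumed set).
LOGIN_PORTS = {22, 23, 139, 445, 3389}
SCAN_PORTS = 5    # distinct destination ports from one source -> port scan (assumed threshold)
HAMMER_HITS = 5   # hits on one login port from one source -> guessing candidate (assumed threshold)


def _line(ts: str, src: str, dpt: int, spt: int) -> str:
    """Constructed TCP SYN log line in the layout of `iptables -j LOG --log-prefix "DROP: "`."""
    return (f"Mar  3 {ts} laptop kernel: DROP: IN=wlan0 OUT= SRC={src} DST=10.0.0.5 "
            f"LEN=60 TTL=48 PROTO=TCP SPT={spt} DPT={dpt} SYN")


# Constructed sample: one source sweeping eight service ports, one hitting SSH six times,
# one touching SMB once and sending a single ICMP echo request.
SAMPLE_LOG: List[str] = [
    *[_line(f"09:12:{i:02d}", "198.51.100.7", p, 51000 + i)
      for i, p in enumerate((21, 22, 23, 25, 80, 110, 443, 445))],
    *[_line(f"09:20:{i * 3:02d}", "203.0.113.42", 22, 40000 + i) for i in range(6)],
    _line("09:31:15", "192.0.2.77", 445, 61001),
    "Mar  3 09:31:20 laptop kernel: DROP: IN=wlan0 OUT= SRC=192.0.2.77 DST=10.0.0.5 "
    "LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1",
]

# DPT is optional so protocols without ports (ICMP) still parse.
FIELD_RE = re.compile(r"SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>\w+)(?: .*?DPT=(?P<dpt>\d+))?")


def parse(lines: Iterable[str]) -> List[Tuple[str, str, Optional[int]]]:
    """Return (src, proto, dpt) for every parsable line; dpt is None when the protocol has no port."""
    records = []
    for line in lines:
        m = FIELD_RE.search(line)
        if m:
            records.append((m["src"], m["proto"], int(m["dpt"]) if m["dpt"] else None))
    return records


def classify(records: Iterable[Tuple[str, str, Optional[int]]]) -> Dict[str, str]:
    """Per source address: 'port scan', a password-guessing note, or 'background probe'."""
    hits: Dict[str, Counter] = defaultdict(Counter)
    for src, proto, dpt in records:
        hits[src][(proto, dpt)] += 1          # key by (protocol, port) so 22/tcp != 22/udp

    verdict: Dict[str, str] = {}
    for src, per_service in hits.items():
        (proto, dpt), n = per_service.most_common(1)[0]
        if len(per_service) >= SCAN_PORTS:
            verdict[src] = "port scan"
        elif n >= HAMMER_HITS and dpt in LOGIN_PORTS:
            verdict[src] = f"{n} hits on {dpt}/{proto.lower()}: possible password guessing"
        else:
            verdict[src] = "background probe"
    return verdict


if __name__ == "__main__":
    for src, what in classify(parse(SAMPLE_LOG)).items():
        print(f"{src:<16} {what}")
```

The key point for a teleworker host is the distinction the script draws: a source that sweeps many ports is the background scanning the chapter describes and is harmless to a hardened host, whereas a source that repeatedly hits one shared login service is the identity-spoofing case and deserves a look at that service's authentication logs, not just the firewall counters.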

NOTE

As I've said before, the weightings on these attacks are a potential answer but not necessarily the answer based on your own requirements. These values are subjective and should be freely tuned to more accurately reflect your own network and policies.
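Tuning the table is easier when the scoring is explicit. The script below is an added example, not the book's own code; its default weights are an inference from Table 15-1 itself (Overall = Detection Difficulty + 2 × Ease of Use + 3 × Frequency + 4 × Impact reproduces every published Overall value), and the alternative weighting used to illustrate tuning is a hypothetical choice for a site that fears targeted, high-impact attacks more than background noise.

```python
"""Re-score Table 15-1 with tunable weights.

Added example, not from the book. TABLE_WEIGHTS is inferred: it is the small-integer
weighting that reproduces every published Overall value. The "targeted" weighting in
__main__ is hypothetical, an illustration of tuning, not a recommendation.
"""
from typing import List, Sequence, Tuple

# Factor order for every weight tuple: (Detection Difficulty, Ease of Use, Frequency, Impact)
FACTORS = ("Detection Difficulty", "Ease of Use", "Frequency", "Impact")
TABLE_WEIGHTS = (1, 2, 3, 4)   # inferred from the published Overall column

# (threat, DD, EoU, Freq, Impact, published Overall), copied from Table 15-1
TABLE_15_1: List[Tuple[str, int, int, int, int, int]] = [
    ("Direct access", 3, 5, 5, 3, 40),
    ("Virus/worm/Trojan horse", 3, 4, 5, 3, 38),
    ("Remote control software", 5, 3, 3, 4, 36),
    ("Probe/scan", 4, 5, 5, 1, 33),
    ("Identity spoofing", 4, 3, 1, 5, 33),
    ("War dialing/driving", 5, 3, 2, 4, 33),
    ("Sniffer", 5, 3, 3, 3, 32),
    ("Buffer overflow", 4, 3, 3, 3, 31),
    ("Rogue devices", 3, 1, 2, 5, 31),
    ("Rootkit", 4, 2, 2, 4, 30),
    ("TCP spoofing", 5, 1, 1, 5, 30),
    ("Distributed denial of service (DDoS)", 3, 2, 2, 4, 29),
    ("Man-in-the-middle (MITM)", 4, 1, 1, 5, 29),
    ("Transport redirection", 4, 3, 2, 3, 28),
    ("Smurf", 3, 4, 1, 3, 26),
    ("ARP redirection/spoofing", 3, 2, 1, 4, 26),
    ("Application flooding", 4, 5, 1, 2, 25),
    ("Web application", 3, 3, 1, 3, 24),
    ("TCP SYN flood", 3, 5, 1, 2, 24),
    ("Network manipulation", 2, 3, 1, 3, 23),
    ("IP redirection", 2, 1, 1, 4, 23),
    ("MAC spoofing", 3, 1, 2, 3, 23),
    ("UDP spoofing", 5, 3, 1, 2, 22),
    ("Data scavenging", 5, 4, 1, 1, 20),
    ("IP spoofing", 2, 4, 2, 1, 20),
    ("MAC flooding", 3, 1, 1, 3, 20),
    ("STP redirection", 3, 1, 1, 2, 16),
]


def overall(factors: Sequence[int], weights: Sequence[int] = TABLE_WEIGHTS) -> int:
    """Weighted sum of the four factor scores, each expected in the table's 1..5 range."""
    if len(factors) != 4 or len(weights) != 4 or any(not 1 <= f <= 5 for f in factors):
        raise ValueError("expected four factor scores in the range 1..5 and four weights")
    return sum(w * f for w, f in zip(weights, factors))


def check_published() -> List[str]:
    """Rows whose published Overall the inferred weights fail to reproduce (expected: none)."""
    return [name for name, *f, published in TABLE_15_1 if overall(f) != published]


def rank(weights: Sequence[int] = TABLE_WEIGHTS) -> List[Tuple[str, int]]:
    """Threats by recomputed Overall, highest first; ties keep the table's own order (stable sort)."""
    scored = [(name, overall(f, weights)) for name, *f, _ in TABLE_15_1]
    return sorted(scored, key=lambda row: -row[1])


def movers(weights: Sequence[int], top: int = 5) -> List[str]:
    """Threats that enter the top `top` under `weights` but are outside the table's own top `top`."""
    baseline = {name for name, _ in rank()[:top]}
    return [name for name, _ in rank(weights)[:top] if name not in baseline]


if __name__ == "__main__":
    assert not check_published(), "inferred weights do not match the table"
    targeted = (1, 2, 1, 5)   # hypothetical: impact over frequency for a targeted-attack posture
    for name, score in rank(targeted)[:5]:
        print(f"{score:3d}  {name}")
    print("new in top 5:", movers(targeted))
```

Reweighting frequency down and impact up pulls identity spoofing to the top and brings war driving and TCP spoofing into the top five, which is the kind of shift the note above has in mind: the same evidence, reordered by what your own policy says matters most.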
