IT Security Horror Story: Is your Network an Unsegmented Haunted House?

October 29, 2014, Mark Manousogianis, Information Security Consultant, Coalfire Labs

One day I went to a client site to perform an internal penetration test to emulate the insider threat. This testing was designed to help this client understand the damage a rogue employee, or an intruder who gained physical access to the network, could do. The site that I was visiting was a storefront and had public WiFi. I told the store staff who I was there to meet, and while I waited for the client to become available I connected to the public WiFi just to have a look.

Prior to arriving, I’d received a list of the internal systems that were in scope for testing. So while I waited, I decided to try to scan the store’s systems just to cross this attack vector off my list. Certainly, this client wouldn’t have bridged his public and private networks – this should be just a quick check.

I was startled to see that I was able to see the cash registers and back office server at the location. After this I started to wonder… I know that the locations are connected to the corporate LAN via point-to-point VPN, so I couldn’t see beyond this store, could I? I went back to my scope document and found the IP addresses for the corporate headquarters. I kicked off another scan and, sure enough, I was able to see this company’s domain controller at their corporate headquarters from the public WiFi of one of their many stores. Taking advantage of the lack of segmentation, I was able to launch attacks on the corporate LAN from the comfort of a table on the patio of this location, all while drinking the soda that they served me.

Have a scary story of your own? We'd love to hear your story and help you combat your IT monsters!


