Anti-Tethering Security

  • Anti-Tethering Security

    So, recently here in my "Den of Iniquity" (AKA my office) I have noticed that there are a select few people that have decided to get smart and tether their Windows Mobile-based phones to their computer in order to bypass my firewall setup. I am all for the freedom of information! I am indeed a pen tester and a hacker by trade, but I have already had to clean one due to a virus. (Please keep in mind, my IT dept does not support these WM phones.)

    Question:
    How would you, as a professional, go about this situation?
    Would you:
    A) set a network policy disabling the user from creating new network connections
    B) Remote into these individual's machines and disable all the USB ports other than the keyboard and mouse
    C) Nothing Bro! Freedom of information! Hack the Planet!
    D) Other

  • #2
    Re: Anti-Tethering Security

    Originally posted by okitrance
    A) set a network policy disabling the user from creating new network connections
    B) Remote into these individual's machines and disable all the USB ports other than the keyboard and mouse
    C) Nothing Bro! Freedom of information! Hack the Planet!
    D) Other

    A) Yes
    B) Yes, but this could cause you other headaches
    C) Fsck those types of people. Your responsibility to protect the network.
    D) Amend the IT AUP to encompass these types of connections. Have all employees sign amended policy that they understand doing such things will lead to disciplinary action.
    E) Erect a Faraday cage around your building.

    Probably a GPO is your best method of controlling such, but you should definitely pursue D as well.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



    • #3
      Re: Anti-Tethering Security

      Also consider that your firewall policies are preventing them from doing what they want, perhaps it's easier overall to let them do what they want through something you control, rather than making them get creative.



      • #4
        Re: Anti-Tethering Security

        Originally posted by bluerules
        Also consider that your firewall policies are preventing them from doing what they want, perhaps it's easier overall to let them do what they want through something you control, rather than making them get creative.

        If they're getting infected with bad things, then chances are, they're doing something that they shouldn't be doing. Sure, opening the firewall rules might be good for the user, but isn't good for those that need to fix the problems.

        I bet if you were to question what they're doing that they feel the need to bypass the firewall they wouldn't want to admit what they're doing.

        If they can provide a good business situation that they need something in particular open, then they shouldn't have a problem asking for it, but most of the time, the people that are bypassing it, are doing it because they want to update their twatpage or something similar.


        • #5
          Re: Anti-Tethering Security

          I would say that a cell phone-jammer would be the best route...

          Or, a more legal option that's effective is editing the employee agreement to disallow this type of action, as well as disabling the option to create the new connection.

          Though, you may have some issues with this, if you have any traveling sales people, they may need to tether out in the field.



          • #6
            Re: Anti-Tethering Security

            Policy is your stick, start with that. Make sure you have support from senior management. If the people at the top won't back you up, don't bother, just cover your ass and move on. If they will, then have them send the directive that this sort of behavior is against policy and to knock it the fuck off.

            Network layer controls are merely the enforcement points for your security policy. If you have the right people on board, then leverage network controls to enforce.

            It's not your job to be Robin Hood, it's your job to secure the network.

            I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me



            • #7
              Re: Anti-Tethering Security

              Originally posted by noid
              Policy is your stick, start with that. Make sure you have support from senior management. If the people at the top won't back you up, don't bother, just cover your ass and move on. If they will, then have them send the directive that this sort of behavior is against policy and to knock it the fuck off.

              Network layer controls are merely the enforcement points for your security policy. If you have the right people on board, then leverage network controls to enforce.

              It's not your job to be Robin Hood, it's your job to secure the network.

              I completely agree with this, and should have probably made my post a little more clear as to the correct sequence to follow.


              • #8
                Re: Anti-Tethering Security

                Originally posted by bluerules
                Also consider that your firewall policies are preventing them from doing what they want, perhaps it's easier overall to let them do what they want through something you control, rather than making them get creative.

                This is not so much an option because, among the rest of the pretty standard network settings, we adhere to PCI compliance, which is hands down one of the worst things on the planet.

                I feel the best route is to run this through the "bigwigs" and let them decide what to do about it based on some of my recommendations. I was, however, curious what some other opinions are and if anyone has resolved a similar issue. It should be noted that I have a network connection set up in my lab that is made available for the developers if need be.
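
Added example, not part of the thread or any poster's code: one way to back the policy and GPO controls discussed above with detection is to collect `ipconfig /all` output from workstations and flag adapters that route around the firewall. The corporate range, the description keywords and the sample output are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: address ranges the corporate network hands out.
CORP_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# Assumption: description keywords typical of phone/modem tethering adapters.
TETHER_HINTS = re.compile(r"internet sharing|rndis|remote ndis|modem|bluetooth", re.I)

# Constructed sample of `ipconfig /all` output from one workstation.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
        IP Address. . . . . . . . . . . . : 10.20.30.41
        Default Gateway . . . . . . . . . : 10.20.30.1

Ethernet adapter Local Area Connection 2:
        Description . . . . . . . . . . . : Windows Mobile-based Internet Sharing Device
        IP Address. . . . . . . . . . . . : 192.168.0.102
        Default Gateway . . . . . . . . . : 192.168.0.1
"""

def parse_adapters(text):
    """Split ipconfig output into {adapter name: {field: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None and " : " in line:
            key, value = line.split(" : ", 1)
            current[key.strip(" .").lower()] = value.strip()
    return adapters

def in_corp(addr):
    try:
        ip = ipaddress.ip_address(addr.split("(")[0].strip())
    except ValueError:
        return False  # unparsable value: treat as not corporate
    return any(ip in net for net in CORP_NETS)

def find_bypass_adapters(text):
    """Return (adapter, reason) pairs for links that route around the firewall."""
    findings = []
    for name, f in parse_adapters(text).items():
        gateway = f.get("default gateway", "")
        if TETHER_HINTS.search(f.get("description", "")):
            findings.append((name, "tethering-type adapter"))
        elif gateway and not in_corp(gateway):
            findings.append((name, "default gateway outside corporate ranges"))
    return findings
```

Run against output gathered by a login script or inventory agent, the findings give the policy something to enforce against; travelling staff who legitimately tether would need an exception list.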
