My last post focused on how seemingly harmless user activity can threaten the security of the corporate LAN. What follows here are some of the more malicious activities we’ve seen take place when users are able to take advantage of corporate resources. If you don’t have the right level of visibility on your LAN, you cannot adequately enforce policy or control users. Are things like this happening on your network? Do you really know?
- Nobody will notice if I use this port: IT staff for this customer had an IP address that they thought was a service port on one of their switches, so they whitelisted it into a role for network devices. When they then locked down the role to only the management functions, they began to see a stream of policy incidents: this switch service port was talking to a buddy on AIM, surfing the web, copying files to the file server, and using Outlook – clearly it wasn’t a switch port! By watching the traffic in more detail via the ConSentry InSight Command Center, the IT staff determined the address belonged to a user, not a switch, and were able to home in on and identify the user by name. In the process, they also learned how severely out-of-date the manually maintained IP address spreadsheet was, and they found several servers out on the edge network, a deployment model that violated company policy. They even discovered several IP addresses that were both statically assigned to network devices and included in the DHCP pool used to assign user IP addresses. The customer was lucky that the duplicate IP addresses hadn’t interrupted network service; however, service disruption might well have been the outcome had ConSentry not uncovered the problem.
- It’s my time, not my money, I’m wasting: Another customer recently reported that after deploying our gear and reviewing the top applications at the call center, the IT staff uncovered extensive use of web-based Pogo and Yahoo games. In some cases, calls had been left on hold while call center employees were gaming, inflating charge times for their unsuspecting customers. By tying this inappropriate application use to individual users, the IT staff was able to eliminate this illicit usage and thus more accurately bill its customers.
The bottom line for both inadvertent and blatant misuse is the same: you need Layer 7 visibility, tying together users, applications, and devices, to enforce policy and control over your LAN.
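The duplicate-address problem in the first item above can also be checked for directly. This added example, which is not from the original post or from ConSentry, compares a static-assignment inventory against the DHCP pool ranges; the CSV layout, addresses, device names and function names are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample data: a static-assignment inventory exported as CSV
# and the DHCP pool ranges used for user addresses (all values are made up).
INVENTORY_CSV = """ip,device,role
10.20.0.2,core-sw-01,network-device
10.20.0.3,edge-sw-07,network-device
10.20.0.150,edge-sw-09-svc,network-device
10.20.0.3,edge-sw-12,network-device
10.20.1.20,file-srv-02,server
"""
DHCP_POOLS = [("10.20.0.100", "10.20.0.200"), ("10.20.1.100", "10.20.1.250")]


def load_inventory(text):
    """Return {ip_address: [device names]} from the CSV inventory."""
    owners = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        owners[ipaddress.ip_address(row["ip"].strip())].append(row["device"])
    return owners


def audit(inventory_text, pools):
    """Find static entries that collide with each other or with a DHCP pool."""
    owners = load_inventory(inventory_text)
    ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi)) for lo, hi in pools]
    # The same address recorded for more than one device in the inventory.
    duplicates = {str(ip): names for ip, names in owners.items() if len(names) > 1}
    # A static address that the DHCP server may also hand out to a user.
    in_pool = {
        str(ip): names
        for ip, names in owners.items()
        if any(lo <= ip <= hi for lo, hi in ranges)
    }
    return duplicates, in_pool


if __name__ == "__main__":
    dups, pooled = audit(INVENTORY_CSV, DHCP_POOLS)
    for ip, names in dups.items():
        print(f"duplicate static assignment {ip}: {', '.join(names)}")
    for ip, names in pooled.items():
        print(f"static address {ip} ({', '.join(names)}) is inside a DHCP pool")
```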




