Standard User Rygar1
(experienced) Mon 20-Apr-15 09:26:11

Realistic risks - drive jumping viruses & hackers

I have a friend who has got herself into a bit of bother at work because she disabled monitoring & antivirus software used by her company's 3rd party IT support. She works 50% from home, 50% in the office, it was while working from home that she did this on her company laptop.

Now support are making all sorts of claims about the risk she caused to the company, some of which I think are pretty exaggerated to say the least. She was definitely silly & wrong to do it but there seems to be a big overreaction. She is facing serious disciplinary action, she may even lose her job.

Their specific beef seems to be based around the fact that the laptop could have become compromised and spread viruses to other machines in the organisation and a central data hard drive that only contains documents, and that hackers could have gained access to her laptop as well as other machines in the company and this central data-only drive.

I'm trying to establish how realistic/likely these threats are. Specifically I want to know are there any viruses that can spread from hard drive to hard drive across a LAN/VPN? I see a lot of assumptions on the internet that viruses can spread in this fashion but I've never personally seen a virus make a copy of itself to a different physical hard drive across a LAN, especially when that second drive only contains data as is the case in this situation. Does this actually happen? Which viruses actually do this? To my mind viruses affect operating systems, I can't see how they can do much damage on a separate data-only drive unless actually executed on that drive. I'm looking for any good links/articles/papers on this topic especially if it's the case that such risks are minimal or non-existent.

Also how serious a threat is direct hacking* when you are behind a router & software firewall? Again any links would be great (*Not the type of hacking that involves someone getting access to your machine because you clicked on a link in email or opened a dodgy attachment etc, actual proper hacking).

I have searched myself but they can be tricky topics to find good info on due to the real risks that exist in IT security but there also seems to be a lot of exaggeration & hysteria out there. Like I say she was definitely wrong but I guess I'm looking to bring some balance to the discussion, maybe point to something she can cite to defend herself or show that the risks aren't as bad as they claim.
Standard User bobble_bob
(fountain of knowledge) Mon 20-Apr-15 09:50:56

Re: Realistic risks - drive jumping viruses & hackers

[re: Rygar1]

I'm guessing the only virus that could take over a LAN is one that attacks the router and changes the DNS servers to some dodgy IP?
Standard User TheEulerID
(member) Mon 20-Apr-15 10:44:54

Re: Realistic risks - drive jumping viruses & hackers

[re: Rygar1]

Once a virus is established on a machine, there are several ways it can spread. The most obvious is by the sharing of infected files. Not only is there email, but many companies will have shared storage systems. Infected files can be stored there. There are all sorts of file types which can harbour viruses, not just executables.

It's also possible for an infected machine to place infected files on shared file systems without involving the user at all. Indeed, once an infected machine has read/write access to a shared file system it can do what it likes. It could encrypt files (ransom-ware attacks). On a well managed network, simple shared file systems like this are not considered very sophisticated due to such vulnerabilities, but they are still extremely common in small and medium sized organisations.

Of course other machines on the network ought to be protected against these things (and corporate file systems should be regularly scanned), but nothing is perfect.

There are, potentially, other things that could happen. If there are vulnerable machines on a corporate network, it's even possible to infect them with worms. In theory all machines on a network should be kept up-to-date, but it's not always the case, and it has caused chaos in past times.

In many companies, disabling virus protection on corporate machines could result in disciplinary procedures. There really has to be an extremely good reason to disable it.
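
Added example, not part of any post in this thread: the shared-drive case described above (one client with write access rewriting or encrypting many files on a share) is something a file server's audit trail can reveal. This sketch flags a client that modifies an unusual number of distinct files in a short window; the host names, paths, record format and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(2015, 4, 20, 9, 0, 0)  # constructed start time

def sample_events():
    """Constructed (time, client, operation, path) records, not real logs."""
    events = [
        (BASE, "PC-07", "write", r"\\fs1\docs\budget.xlsx"),
        (BASE + timedelta(seconds=5), "PC-07", "read", r"\\fs1\docs\plan.docx"),
        (BASE + timedelta(seconds=400), "PC-07", "write", r"\\fs1\docs\notes.docx"),
    ]
    # One client rewrites 30 different documents, one per second.
    for i in range(30):
        events.append((BASE + timedelta(seconds=600 + i), "LAPTOP-12",
                       "write", rf"\\fs1\docs\report_{i}.docx"))
    return sorted(events)

def find_mass_writers(events, window=timedelta(seconds=60), threshold=20):
    """Map each client to the first time it had modified `threshold` or more
    distinct files on the share within `window`."""
    recent = defaultdict(deque)  # client -> (time, path) pairs still in window
    flagged = {}
    for ts, client, op, path in events:
        if op not in ("write", "rename"):
            continue  # reads do not change shared data
        q = recent[client]
        q.append((ts, path))
        while ts - q[0][0] > window:
            q.popleft()  # drop events older than the window
        if client not in flagged and len({p for _, p in q}) >= threshold:
            flagged[client] = ts
    return flagged

if __name__ == "__main__":
    for client, when in find_mass_writers(sample_events()).items():
        print(f"{client} modified many files on the share by {when}")
```

The window and threshold are starting points to tune against normal activity on a given share, such as backup jobs or bulk saves.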

Standard User Malwaremike
(committed) Mon 20-Apr-15 11:06:05

Re: Realistic risks - drive jumping viruses & hackers

[re: Rygar1]

She was definitely silly & wrong to do it but there seems to be a big overreaction. She is facing serious disciplinary action

Most companies have rules governing employee use of the internet as part of the workplace contract. In your friend's case the management has engaged a contractor to maintain and protect its IT systems. If everyone fiddles with company IT systems and disables AV protection of all things, there will be chaos.

I don't understand why your friend found it necessary to disable her employer's AV protection. Maybe she considers it a minor matter which might have resulted in the company systems being only a little bit hacked. Cybercrime being a huge and growing problem for employers, I'm not surprised there should be 'a big overreaction'.
Standard User bobble_bob
(fountain of knowledge) Mon 20-Apr-15 11:16:19

Re: Realistic risks - drive jumping viruses & hackers

[re: TheEulerID]

Our IT department once banned USB fans as they said they could spread a virus. I continued to use them as they were clearly talking nonsense. Now they allow them.

A normal user shouldn't have permissions to disable the AV anyway.
Standard User eckiedoo
(experienced) Mon 20-Apr-15 11:19:34

Re: Realistic risks - drive jumping viruses & hackers

[re: Rygar1]

And working "from home", does her home network have a similar level of security as her company network?

Looking at it another way, would her employers be happy for her to take "any old laptop" in to work and connect it directly to the company network, without vetting by the "3rd party IT support"?

-------------------

Say she had a company car; and that it had one of the recent tracking devices fitted by the company, to help keep insurance costs down.

What would be the reaction if she deliberately and knowingly disabled that device, thus invalidating the insurance?

Edited by eckiedoo (Mon 20-Apr-15 11:20:48)

Standard User mixt
(fountain of knowledge) Mon 20-Apr-15 11:26:53

Re: Realistic risks - drive jumping viruses & hackers

[re: Rygar1]

In reply to a post by Rygar1:
Now support are making all sorts of claims about the risk she caused to the company, some of which I think are pretty exaggerated to say the least. She was definitely silly & wrong to do it but there seems to be a big overreaction. She is facing serious disciplinary action, she may even lose her job.

She should have signed something where she agreed how to use (and how not to use) the equipment and access given and granted to her. If she broke this agreement, they have every right to commence with disciplinary action.

Every company is different. The one I am at right now is quite small and lenient. They haven't even issued me a company laptop, and are happy for me to VPN in from home using my own equipment. The previous company I worked for was an entirely different story. Only company vetted and administered equipment could be allowed to connect to company networks. Even down to mobile phones connecting to wireless etc (if it wasn't a company phone, it could only connect to the guest network in the office etc).

Companies have these policies in place for a reason. Phones can pick up viruses as well and become a liability to the rest of the network they are connected to.

Regardless of what you think etc, it is about what she agreed to with her terms of employment. If she's broken those, then she'll have to accept disciplinary action and deal with it.

Standard User micksharpe
(legend) Mon 20-Apr-15 12:44:09

Re: Realistic risks - drive jumping viruses & hackers

[re: Rygar1]

The company that I used to work for had a serious infection that spread over the UK network. It caused the IT department an awful lot of hassle checking thousands of PCs and reinstalling the software (whilst preserving users' files). Fortunately, the infection did not spread to other countries where we had a presence.

IT tightened everything up after that. A standard distribution of Windows was rolled out across the entire UK operation and PCs were upgraded where necessary. Users were prevented from installing new software by removing all administrator rights. Most users accepted this but us techies found it very frustrating and we moaned like hell. Eventually, IT relented and allowed us to administer our own machines providing we promised to be on our 'best behaviour' and fix any problems ourselves. We had to use Internet Explorer and Outlook though, which was a bit silly since they were less secure than the alternatives, but there you go.

Faced with the choice between changing one's mind and proving that there is no need to do so,
almost everyone gets busy on the proof. -- J.K. Galbraith
Standard User tommy45
(knowledge is power) Mon 20-Apr-15 12:51:36

Re: Realistic risks - drive jumping viruses & hackers

[re: Rygar1]

If all the other company's machines are protected by an AV solution with real time protection, then they should detect any infected files, so unless someone else disables it, the virus can't spread (none that the AV solution can detect), unless the company's AV solution is useless.
As for hacking, why would someone want to hack your friend's IP address or hardware behind it at random (without knowing if it will be worthwhile)? Hackers tend to specifically target people/companies.

Edited by tommy45 (Mon 20-Apr-15 12:53:28)

Standard User Rygar1
(experienced) Mon 20-Apr-15 12:52:23

Re: Realistic risks - drive jumping viruses & hackers

[re: Rygar1]

I essentially agree with everything that's been said regarding terms of contract etc.

There were reasons she did this that I won't go into but keeping the discussion related purely to the technical aspects what were the real risks of doing this once while at home? Keep in mind a restart re-enabled everything. My main thought was encryption ransom virus on her own machine (which is backed up regularly btw) but could such a virus really jump to the central data drive and execute? I'd like to see cites for this happening as that is one of the specific accusations being made. Which specific viruses are known to jump direct from drive to drive over LAN or VPN?

Another accusation relates to hacking. How prevalent is successful hacking on a machine behind router and software firewall?

I should add this lady is not IT illiterate, she is aware of common threats from email links/attachments, free software, phishing etc.

From a risk perspective I would say this one specific action of hers posed a low risk to her own machine and very low risk to the company network. Would anyone disagree with that assessment?