Let’s take a look at an often under-utilized aspect of network topology in the small to medium business realm: that’s right, a networking article. But before you run off, what if I told you you could increase performance and lower your production down time with equipment you (might) already have!?
During a penetration test, we’ve found that a common (and easy) way to gather credentials and gain an initial foothold on the client’s network is to perform a Man-in-the-Middle poisoning attack abusing LLMNR & NBT-NS. Depending on how active users are on the network, this attack can give an adversary valuable information almost immediately. Fortunately, with a little knowledge, this attack can be easily remediated.
What is LLMNR & NBT-NS?
Presidents' Day is on Monday of next week and this isn’t lost on fraudsters and wire-transfer hackers. Once a wire has mistakenly been sent to the bad guy, each minute counts - the longer the delay the greater the chance they’ve been able to transfer your funds to an account that can’t be reached by the FBI. The added holiday adds an automatic delay that works to their advantage and even the most prepared organizations can fall victim.
“What are the top 7 things you can do to protect your business from hackers?” Have you ever read a list like that on the internet? In the cybersecurity realm, they’re everywhere. I’ve even assembled and presented one of those lists to a group of business owners myself. They tend to point out things like user awareness training, patching and passwords. All noble things to get your arms around, of course, but are they useful to a client? Sometimes I feel as though those lists, as true as they are, are about as useful as telling a football team to “score touchdowns”, or “guard the quarterback.” Yeah, I know that scoring touchdowns is good… but how?
Everyone has (or should have) an anti-virus solution. It's probably barked at you once or twice for downloading a file from a sketchy website or opening a link from an email you didn't quite recognize. But how does your anti-virus know what programs are bad, and what programs are good?