Mark Spieth wrote:
>>>In a home network, having everything in one box isn't as risky. For
>>>one thing, home networks aren't "juicy" targets like company networks are.
>This is an extremely incorrect statement. In fact, most script kiddies
>(which comprise most of the hacking attempts) do huge scans on network
>addresses they have no idea who they are hacking, and would hack a home
>machine first, you are less likely to get caught or even have the end
>user know the system was compromised. Once the home machine is hacked
>they will then use it to go after other systems.
Let me give you a live example. Earlier this year I was contracted by a
Florida-based bank to audit their security. They had spent hundreds of
thousands of dollars on firewall technology, VPN roaming clients and
even iris scanning technology in their office complexes in Boca, Miami
and Port Everglade.
One of my UK engineers who worked with me on the contract was able to
dump bank transaction information, lease car details and fuel card
expense reports on the desk of the CIO within two days of doing the
sweep. How? By following a VP home who was a wifi fanatic and launching
an attack on the corporate network via his home trusted VPN connection.
So... no such thing as security. Any corporate granting remote access
via any firewall technology or VPN gateway has no rights to restrict the
freedom of the individual - e.g. you can't stop your staff going to eBay
and buying a Netgear WiFi AP and you can't stop them misconfiguring that
technology. With 54g technology the spread is scary too. My local vicar
lives a 1/4 of a mile from my home. From my laptop sat here watching TV
I can tell you his ESSID is "huffy" and that he has two Dell machines on
a home network and an Epson Stylus printer and that he likes some strange
MSN groups and sits most of the day on news.bbc.co.uk.
Scary isn't it...