Basic IT Security #5

Hello everyone! Thanks for your support of the IT security series. In the previous posts we discussed basic IT security concepts, mostly related to the operating system itself. This time I would like to move the topic a little further, into the networking area: shared resources on the local network.

It is very common for people to share resources on the network. Whether it is the PowerPoint for this afternoon's meeting, a working document, or even an installation package for an application, people like to put files on the local network to save the time of sending them back and forth and to make them easy to reach. I believe most of us use the shared-folder function of the operating system to share resources within our network.

However, have you ever checked whether the access rights on your shared folder are properly configured, that is, who can actually reach it? We can get a rough picture of which computers are connected to our network by looking at the Network tab on our computer, as below (this is not very accurate, because the result is strongly affected by the network status at the time).

1.png

When I casually checked some of the connected machines, I could easily see that some computers had shared folders exposed.

2.png

When I drilled down, I found a lot of confidential documents and personal data in this shared folder. I could even reach the user's mailbox, and I bet it contains plenty of information that would be useful to someone wanting to hack his computer, or even his life, since bank statements or phone bills could probably be found there.

3.png

You might think I must have domain administrator rights to do this, but sorry, I don't; I am just a normal user. The reason is simply that this user's share was badly configured: access to the folder was granted to Authenticated Users, which you can consider more or less the same as Everyone.

4.png

You may also say this is just a single case, that the user was simply too careless, and that nobody really does this. I would tell you that, from my own experience, there are quite a lot of such cases in many companies; not only small companies, but even big companies and listed companies make the same mistake. I have even found, on their local network, the PowerPoint that their management was going to use at their AGM.

There are actually a number of reasons behind such cases. Sometimes it really is the user who clicks to share the folder with everyone; sometimes it is a computer error which wrongly shares the folder out. The latter is something you cannot really prevent; after all, that is what computers are like.

So detective controls become more critical at this point. You should regularly check what resources are shared on your local network, so that sensitive or private files that were mistakenly shared out do not leak. Otherwise, one day the colleague sitting next to you could check your bank balance or know who you called last month (not great if that reveals an affair..).
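The two points above, that a share granted to Authenticated Users is effectively open to everyone on the network, and that a periodic check of what is shared is the detective control you actually need, can be turned into a small script. The following is an added example, not code from the original post: it uses the standard SmbShare cmdlets to list the non-administrative shares on one or more Windows hosts and reports every share whose share-level ACL allows a broad principal such as Everyone or Authenticated Users. The host names `PC-ALICE` and `PC-BOB` are placeholders; remote hosts need CIM/WinRM access with an account that may read share permissions.

```powershell
# Added example (not from the original post): audit SMB shares on one or more
# Windows hosts and flag any share whose share-level permissions grant access to
# a broad principal such as Everyone or Authenticated Users.
# Requires the SmbShare module (Windows 8 / Server 2012 and later) and, for
# remote hosts, CIM/WinRM access with an account allowed to read share ACLs.

# Principals that effectively mean "anyone with a foothold on the network".
# Account names are the en-US spellings; localized Windows uses other strings.
$BroadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\ANONYMOUS LOGON',
    'NT AUTHORITY\INTERACTIVE',
    'BUILTIN\Users'
)

function Get-OverexposedShare {
    [CmdletBinding()]
    param(
        # Hosts to audit; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # Domain-wide groups such as "CONTOSO\Domain Users" count as broad too.
        [string]$DomainUsersPattern = '\\Domain Users$'
    )

    foreach ($computer in $ComputerName) {
        try {
            $session = New-CimSession -ComputerName $computer -ErrorAction Stop
        } catch {
            Write-Warning "Cannot reach $computer : $($_.Exception.Message)"
            continue
        }

        try {
            # Skip the built-in administrative shares (C$, ADMIN$, IPC$); they
            # are reachable only by administrators and would just add noise.
            $shares = Get-SmbShare -CimSession $session | Where-Object { -not $_.Special }

            foreach ($share in $shares) {
                $acl = Get-SmbShareAccess -CimSession $session -Name $share.Name

                $broad = $acl | Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    ( $BroadPrincipals -contains $_.AccountName -or
                      $_.AccountName -match $DomainUsersPattern )
                }

                foreach ($entry in $broad) {
                    # One finding per (share, broad principal) pair.
                    [pscustomobject]@{
                        ComputerName = $computer
                        Share        = $share.Name
                        Path         = $share.Path
                        Principal    = $entry.AccountName
                        AccessRight  = $entry.AccessRight   # Read, Change or Full
                    }
                }
            }
        } finally {
            Remove-CimSession -CimSession $session
        }
    }
}

# Usage: audit the local machine plus two other hosts (placeholder names).
# Run it from a scheduled task and diff the output against the previous run
# to turn a one-off check into a detective control.
Get-OverexposedShare -ComputerName $env:COMPUTERNAME, 'PC-ALICE', 'PC-BOB' |
    Sort-Object ComputerName, Share |
    Format-Table -AutoSize
```

Two caveats when reading the output. The effective permission on a share is the intersection of the share ACL and the NTFS ACL on the folder, so a share listed here is only truly exposed if the NTFS permissions (`Get-Acl` on the path) also allow the same principal; conversely, a share that looks fine at the share level can still be open if the folder's NTFS ACL is loose. And a share created through the Explorer "Share with" wizard often ends up with exactly the Authenticated Users or Everyone entry the post describes, so the fix is to replace that entry with the specific users or group who need the files (`Revoke-SmbShareAccess` / `Grant-SmbShareAccess`), not just to hide the share.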


Thanks for reading, I hope you enjoyed it!
If you liked it, please follow me and see my other posts: @victorier
