Robert Vamosi posted an interesting blog today on CNET "Hacking intranet web sites from the outside". He attended an RSA presentation by Jeremiah Grossman, CTO of White Security. The blog describes the attack on an intranet:
"In several live demonstrations, Grossman showed how it was possible, by appending the URL in a victim's browser with a call to remotely hosted JavaScript to see a victim's browser history or learn an internal IP address. With such information, he was then able to scan the internal network and locate any valid servers operating inside the corporate firewall. He showed how an attacker could mask all this by creating a simple iframe over the legitimate browser screen, so the victim could use the browser to surf the Net, unaware that JavaScript was running in the background. For fun, the attacker could send messages to the victim that would appear as alert dialog boxes."
Perhaps as ominous, the blog continues on to describe these types of attacks being initiated from web enabled printers or web enabled UPS strips. What is worrisome is that these types of attacks won't be picked up by anti-virus or other malware detecting devices.
There are so many relatively easy attack vectors into an enterprise. The bottom line is to have multiple layers of identity authentication strength behind the firewall, the anti-virus and intrusion detection systems.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
del.icio.us