[ale] KISS: Is Sniffing a Real Threat in a modern Switched LAN?

Ed Cashin ecashin at noserose.net
Thu Mar 11 10:43:23 EST 2021


In the past, many switches, when confronted with enough traffic, have
fallen back to acting like hubs.  Nefarious people have generated large
amounts of traffic in order to trigger that condition and allow sniffing.
This specific problem is an example of a larger issue: When securing
networks, only security in depth is practical.

Bugs (and designed behavior that is problematic) can always cause one or
more layers to stop enforcing expected security guarantees.  That's why
people get so excited about, e.g., the end-to-end encryption of something
like Signal.  Even if something goes wrong (like sniffing inside the cloud
service provider's network) you still have some guarantees.


On Thu, Mar 11, 2021 at 10:01 AM Neal Rhodes via Ale <ale at ale.org> wrote:

> Ok, maybe slightly OT BUT there is a linux server involved...
>
> Again looking at what security is really needed, but going deeper.
> What assets need protection?  Turns out, everything is in the cloud.
>
> The question is: if we make a downstairs Wifi router be an access point
> instead, do we really expose anything?
>
>
> Primary EdgeRouter-X Router: (has 5 ports; Eth1-5 are all on 192.168.1.x)
>      - Eth0 - WAN port goes to Comcast Router;
>      - Eth1 - NetGear jgs524pe Switch in office
>               - Office Win10 Desktop
>                       - https access to Banking, Financials, Roster   <== Primary Security Concern
>               - Polycom phone-set
>                       - Office Win10 Desktop
>                             - https access to Banking, Financials, Roster   <== Primary Security Concern
>               - Linksys Wifi Access Point
>                       - Office Notebooks
>
>      - Eth2 - NetGear jgs524pe Switch downstairs
>               - ASUS Wifi in Hall downstairs, configured as Access Point
>                       - Ubuntu Desktop on Wired port, running Jamulus on forwarded UDP port 22124  <== Can this be a Threat?
>                       - Children in Community Schools doing Distance Learning with personal notebooks <== Can this be a Threat?
>
> My understanding is that due to the nature of how a switch works, so
> long as office staff always use wired connections to do HTTPS cloud
> work, there is simply no way for anything downstairs, on a different
> switch, to sniff the HTTPS traffic.   Even other desktops on the same
> switch in the office could not sniff the HTTPS traffic of the other
> desktops.    So long as those computers leave the windows firewall
> running, don't allow RDP, etc, I don't see an exposure.
>
> It would seem dubious for Office computers to use Wifi connections for
> banking, and we should make that a taboo.
>
> BUT, I can't see how an exploit could piggyback in on a child's notebook
> and gain any sniffing access upstairs?   Nor could a flaw in the Jamulus
> server which ultimately provided a linux command line result in getting
> access to financial computers.
>
> I was debating about firing up Samba on the Linux box to make it easy to
> grab multi-track audio recordings, but... maybe we'd best not, and use
> WinSCP instead.
>
> Thoughts?
>
> Neal


-- 
  Ed Cashin <ecashin at noserose.net>
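
One way to watch for the flooding condition described above, as an added example that is not part of the original post: a switch learns source MAC addresses per port, so a port that suddenly shows far more distinct source MACs than its real hosts could explain is worth an alert. The input tuples (as a mirror port or flow collector might supply them), the port labels, the window and the threshold are all assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict, deque


def find_mac_floods(frames, window_s=10.0, max_macs=32):
    """Flag switch ports showing too many distinct source MACs at once.

    frames: iterable of (timestamp_seconds, port, src_mac), sorted by time.
    Returns {port: peak distinct-MAC count} for every port that exceeded
    max_macs inside any sliding window of window_s seconds.
    """
    recent = defaultdict(deque)    # port -> (ts, mac) pairs still in the window
    counts = defaultdict(Counter)  # port -> mac -> frames still in the window
    peaks = {}
    for ts, port, mac in frames:
        mac = mac.lower()
        q, c = recent[port], counts[port]
        q.append((ts, mac))
        c[mac] += 1
        # Expire observations that have fallen out of the sliding window.
        while q and ts - q[0][0] > window_s:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) > max_macs:
            peaks[port] = max(peaks.get(port, 0), len(c))
    return peaks


def sample_frames():
    """Constructed sample data; port names and MACs are made up."""
    frames = []
    # "eth1": three stable hosts talking for 30 seconds (normal office port).
    hosts = ["00:11:22:33:44:0%d" % i for i in range(3)]
    for t in range(30):
        frames.append((float(t), "eth1", hosts[t % 3]))
    # "eth2": 200 never-repeating source MACs within two seconds.
    for i in range(200):
        mac = "02:00:00:00:%02X:%02X" % (i >> 8, i & 0xFF)
        frames.append((12.0 + i * 0.01, "eth2", mac))
    frames.sort()
    return frames


if __name__ == "__main__":
    for port, peak in find_mac_floods(sample_frames()).items():
        print("ALERT %s: %d distinct source MACs within the window" % (port, peak))
```

A sensible threshold depends on what hangs off each port: an uplink to another switch or an access point legitimately carries many MACs, while a single desktop port should carry one or two.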