Read up on the latest ideas and technologies from companies that sell hardware, software and services. How to Beef Up Your Sales Pipeline
Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Mobile Solutions Deliver Improved Efficiency to Star Track Express
Enterprise Wireless WLAN Security
Agile in the Enterprise
Realizing the Value of Unified Communications
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Email Archiving Implementation: Five Costly Mistakes to Avoid
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
I believe that my workstation has been hacked. My workstation is connected to an internal LAN and has an assigned IP address. All the workstations are connected to individual floor-port numbers and are somehow connected in the data center to similar numbers and to the servers and operating systems. My problem is that I believe my PC or my IP address was used to access the Internet without my knowledge. I cannot believe this is impossible, as I have been told. I am being held accountable for the Internet accesses that I never accessed. Please assist me in determining whether it is possible to hijack a workstation or IP address on an internal LAN, whether my workstation or IP address could be used by the system administrator or other person without my knowledge, and how any evidence (that my PC was used by someone else) could be traceable.
-- Haroun Dharsey
Brooks: Well, there are two issues here: The first is security on your particular PC, and the second is the nature of IP addresses.
The first thing is the physical security of the PC. Never mind the technical approaches to hijacking; could someone just walk up to your computer while you're away and use it? A screen saver with the password enabled is probably the place to start. This isn't very secure in Windows 9x, but in Windows NT it's actually pretty good.
Of course, if you're using a network login against either a Novell Directory Services tree or a Windows NT Server domain, any administrator can log into your PC. There's not much you can do about that, but, again, if you leave yourself logged in with a password-protected screen saver, you should at least be suspicious if you find yourself logged out when you return to your PC.
The next possibility is that someone else is using the same IP address. This almost can't happen while your machine is on, but if your PC is off at night, there's nothing to keep someone from using that same address. There's really nothing you can do about that -- it's the nature of IP. But it is possible.
As for getting evidence of that kind of thing, you're probably out of luck. There's very little you can do, especially in the case of another machine using your same IP address.
Pace: I have to disagree with Brooks about gathering evidence and protecting your IP address; there are a number of things you can do. However, you'll need to enlist the help of the IT department, who, with any luck, has nothing to do with this. The politics at this stage can be touchy, so tread lightly.
The first thing to have them do is disable your computer's access to the network at certain times of day. Though it might be fun to have your workstation locked while you're at your desk, you'll probably find it impractical. Work out a schedule with IT that will fit easily into the hours you work, so you don't end up staying at work too late -- only to find that your system can no longer access anything.
Once that is done and you're confident that no one is using your machine, have the IT department statically map your MAC address to your IP address in your upstream router's ARP table. Also, have them map the MAC address to your port in the switch. This will prevent anyone else on your subnet from being able to use your IP address from anywhere but your system. Then have the IT staff monitor things again to see if there is any more undesirable traffic coming from your PC.
If they do find traffic, you may have multiple personalities, or someone may be spoofing your IP address. Again, you'll need to work with the IT department to make sure that they have anti-spoofing access lists configured on all their routers. And then it's time to go back to monitoring.
At this point, if the traffic is still showing up, the IT department will need to monitor the network to see where your IP address is coming from. To do so they will need to monitor from a number of different points on the network to be certain of the location of the traffic. Once this is done, and the traffic re-appears, there should be no real questions left in their minds about who, or at least which, machine is responsible. They'll be left with the MAC address and switch port number of the perpetrator who will, no doubt, have a surprise waiting the next day.
(Brooks Talley is the Test Center's test manager and a consultant for InfoWorld Consulting Services. Mark Pace is a senior analyst in the Test Center. Send them your questions at testcenter_rx@infoworld.com.)Desk edit by:
Computerworld Member Login
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Tumbleweed appoints O2 Networks to its Australian Channel Partner Program 2008-08-29 12:31:00+10
HP ProCurve Brings Big Business Gigabit Switching Features to Small Businesses 2008-08-29 12:00:00+10
Nortel and LG Electronics are First in World to Demonstrate Mobile LTE Handover 2008-08-29 11:30:00+10
GlobalConnect Provides Treatment for Healthcare Provider’s Contact Support Requirements 2008-08-29 09:59:00+10
Sybase and Logica Partner To Mobilise The Supply Chain 2008-08-29 09:47:00+10
Unified Communications: Justifications and Predictions
Building a business case for Unified Communications is currently more of an art than a science. However, the difficulty of building a business case for UC does not mean that there is none - just that we need to view (and measure) UC's benefits in accordance with the stage of maturity of the technology's adoption. Read on to find out more.
