Friday, April 2, 2010

Weakspot in the Company Servers

Before we get started, let me conceptualize the following:
There are always 2 distinguish types of people in your company: Management or Technical

Ok, now let us proceed to the next thing, the network architecture.

For example, this is the network architecture for a company:

As you can see, the network environment is divided into the internal network for the company, the external network for their clients and the De-militarize Zone (DMZ)The DMZ are usually protected by a lots of firewalls and Intrusion Detection System (IDS) . Let's say the interaction between the clients to proxy server and to application server are using the SSL 2 and TTLS (Oh yeah, it's a standard secured and properly tunneled system), and everything seems so secure, as the Technical told to the Management :)Management would definitely satisfied, as it's all covered up by the expected budget.

Now here's a thing, most of the companies, does NOT have the secured internal network. Especially when the application servers are interacting to other servers, are not encrypted. The data (eg. username and password) are transmitted in clear plain-text. It's because the server to server encryptions and secured communications required additional financial and human resource, thus increases the project budget and eventually leads to a bad project.

From the management P.O.V, it's unnecessary and can be labelled as the managed risk. Yes, they don't believe in James Bond :-) Now, if you refer back to the network architecture, you'll notice that there's an Lightweight Directory Access Protocal (LDAP) server. Now you might think, all the usernames and passwords are nicely encrypted, and you're right~!!! It's ONLY nicely encrypted when the LDAP server response to the Application server, but when the Application server response to the LDAP server, usually and mostly it's NOT even encrypted. In fact, poorly configured Web Application server will also triggered the LDAP server to dump a lot of sensitive data back to the Web App server in plain text. With a simple sniffer and with the condition you're taping to the selected web app server, your job can be done easily :-) (You're Micheal Western ^^)

Therefore, next time when you're looking for a leak, this might be one of the possible weakspots.
Click here to: Spicy & Fury Blog

No comments: