{"id":29,"date":"2018-10-30T09:09:32","date_gmt":"2018-10-30T08:09:32","guid":{"rendered":"https:\/\/lars-hilse.de\/lhx18\/?p=29"},"modified":"2018-10-30T09:09:35","modified_gmt":"2018-10-30T08:09:35","slug":"why-you-dont-want-your-rj-45-sockets-available-in-the-wild","status":"publish","type":"post","link":"https:\/\/lars-hilse.de\/lhx18\/2018\/10\/why-you-dont-want-your-rj-45-sockets-available-in-the-wild\/","title":{"rendered":"Why you don\u2019t want your RJ 45 sockets available in the wild"},"content":{"rendered":"<div class=\"ttr_start\"><\/div><p>A few weeks ago I had friends visiting from Thailand. Being the good host I try to be I took them to see several A few weeks ago I had friends visit from Thailand. Being the good host I try I took them on a variety of sightseeing tours; one of them was inevitably to one of the castle switch around here.<\/p>\n<p>While we were strolling through the facility I couldn&#8217;t help but see a wire running throughout the complex, which obviously didn&#8217;t exist back in the 1800s.<\/p>\n<p>Lo and behold it was a network cable.<\/p>\n<p>This network cable was not only connected to the sprinkler system and the fire alarms, the exit signs and alarm system; it was also the same cable that ran to the cashier. Meaning, that the entire network infrastructure was exposed to interception.<\/p>\n<p>Technically, it would be possible to separate the cable and install a device which will give you permanent access to the network.<\/p>\n<p>As if this wasn&#8217;t bad enough, I found at least half a dozen RJ 45 sockets throughout the complex which would have made my work even easier; had I been a criminal.<\/p>\n<p>It&#8217;s important to understand that these sockets were at locations where I would have been undisturbed four hours.<\/p>\n<p>After this startling experience I kept my eyes open for rogue RJ 45 sockets in the wild.<\/p>\n<p>A few days after the visit I mentioned, I had to go to a public and ministration building: and what was the first thing that smiled at me? Right! Another rogue RJ-45 socket.<\/p>\n<p>Now, unless you have very specific MAC address filtering in place, rogue sockets will allow criminals to get a very good scan of your organization. If the access to systems is limited to, even then would it be possible to conduct a scan of the network, Which would reveal devices that are vulnerable, and allow for penetration of the network through that device.<\/p>\n<p>Well this may seem obvious to a lot of us, they&#8217;re obviously a lot of people out there in our profession that do not take such Warnerville it is as a given fact.<\/p>\n<p>Therefore, I dedicated an entire part of my cyber security risk assessment checklist to not only wrote RJ-45 sockets in the wild, but also to their placement, the mapping of the placement in case someone tampers with the box, and a variety of other issues.<\/p>\n<p>Contact me if you&#8217;d like to get a copy of my checklist for your work.<\/p>\n<div class=\"ttr_end\"><\/div>","protected":false},"excerpt":{"rendered":"<p>This post is about the security risks of having exposed RJ 45 sockets and your organization.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6,2,8,13],"tags":[],"class_list":["post-29","post","type-post","status-publish","format-standard","hentry","category-cyber-crime","category-cyber-security","category-global-risks","category-risk-management"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paluiP-t","jetpack_likes_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/29","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/comments?post=29"}],"version-history":[{"count":1,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/29\/revisions"}],"predecessor-version":[{"id":36,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/29\/revisions\/36"}],"wp:attachment":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/media?parent=29"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/categories?post=29"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/tags?post=29"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}