Activity in Government Clients at the network level.

  • UNICORNico
    Trusted Tech

    250+ Posts
    • May 2018
    • 309

    Activity in Government Clients at the network level.

    Dear partners.


    I want to communicate an activity that is being carried out by some clients that is strange or curious.
    A few days ago the IT Departments, belonging to some offices or entities of a Government nature or State Security Bodies, have been contacting us to protect or rather, block non-priority network functions or services.
    - Change of Access Codes.
    - Port Deactivation
    - Deactivation of network protocols (SMB)
    - Request for review and active firmware update.


    I want to know how this is turning out in other parts, and in this forum we meet technicians from several countries, to know a little about the general situation. And I wouldn't be surprised if this happened due to the recent active war in Israel/Palestine.


    From my personal opinion, no war or active participants in it have my sympathy, since tragedy is the death of innocents.
    "ALL WILL BE WELL" The battle cry that most inspires me to follow, from the DC's Comic character that I admire the most. And I feel satisfied with being better every day, and with using Gnu-Linux as my usual Operating System. Apologies for my English, it's not my mother tongue and I'm helping the translator.
  • techsxge
    Senior Tech

    Site Contributor
    500+ Posts
    • Jan 2022
    • 661

    #2
    Re: Activity in Government Clients at the network level.

    We have very few mfp / printer products at government supported companies / offices, but usually they have a network infrastructure that will take all the work from us anyways.

    Some government companies will also only accept certain machines from certain manufacturers and only if specifically ordered for them.

    If we talk about managing whole networks however, all government organs have their own it-centre.


    • UNICORNico
      Trusted Tech

      250+ Posts
      • May 2018
      • 309

      #3
      Re: Activity in Government Clients at the network level.

      Originally posted by EyesProdigy
      I think after the war everyone is sterile to protect themselves and their data, don't you think so?
      I do not doubt the ferocity of the teams specialized in the field of cybersecurity (I include both "good" and "evil" actors), they have such sophisticated means that I doubt we will ever truly know their potential.


      But knowing that one of those teams is from Israel and were the creators of "Pegasus", the Palestinian side will have its namesake. After certain actions on the global network, along with what I comment here, I am seriously concerned about the possible escalation and the risks that this may entail.


      To what extent do we have the knowledge so that the devices we repair, and the (important) clients we have in maintenance, can we provide a decisive service that does not leave them at risk due to this lack of knowledge, even though they have equipment of IT.

      • rthonpm
        Field Supervisor

        2,500+ Posts
        • Aug 2007
        • 2848

        #4
        Re: Activity in Government Clients at the network level.

        My government, and government adjacent, clients have been going the route of segmenting their MFPs and printers so that they're on their own network VLAN which only allows inbound and outbound access to the specific ports they want to be reached. For the most part, Ports 9100 and/or 515 are allowed inbound access to the VLAN either from all client computers or just to their specific print servers and SMTP or SMB outbound access is allowed only to the specific systems they want. I've even recommended to most clients to have the web interfaces locked down to specific hosts in case of older TLS certs or other limitations that prevent the devices from using modern ciphers.

        This makes the configuration of the MFP much easier since there's no way for any of those other protocols to communicate, even if they are enabled.


        • techsxge
          Senior Tech

          Site Contributor
          500+ Posts
          • Jan 2022
          • 661

          #5
          Re: Activity in Government Clients at the network level.

          Originally posted by rthonpm
          My government, and government adjacent, clients have been going the route of segmenting their MFPs and printers so that they're on their own network VLAN which only allows inbound and outbound access to the specific ports they want to be reached. For the most part, Ports 9100 and/or 515 are allowed inbound access to the VLAN either from all client computers or just to their specific print servers and SMTP or SMB outbound access is allowed only to the specific systems they want. I've even recommended to most clients to have the web interfaces locked down to specific hosts in case of older TLS certs or other limitations that prevent the devices from using modern ciphers.

          This makes the configuration of the MFP much easier since there's no way for any of those other protocols to communicate, even if they are enabled.
          This is the way.

          (I personally don't trust these mfps in terms of security anyways)


          • slimslob
            Retired

            Site Contributor
            25,000+ Posts
            • May 2013
            • 35186

            #6
            Re: Activity in Government Clients at the network level.

            Originally posted by techsxge
            This is the way.

            (I personally don't trust these mfps in terms of security anyways)
            Security on MFPs is only as good as the security of the network it is connected to and the screening of those who have access to that network. It only takes one idiot with an unsecured personal laptop to compromise an entire VLAN.

            The dealer I worked for installed a Lanier digital dictation system at the Bakersfield Heart Hospital during the final construction. The hospital opened in 1999. I can't remember when or the name of the worm, but I got called in the wee hours of a Saturday morning to come out immediately to install a patch on the NT4 servers that were part of the dictation system. A doctor at one of the Heart Hospitals had connected a personal laptop to the network. The laptop was infected with a fast spreading worm that exploited a vulnerability in Windows. Within seconds every computer on their VLAN that was turned on was infected.


            • techsxge
              Senior Tech

              Site Contributor
              500+ Posts
              • Jan 2022
              • 661

              #7
              Re: Activity in Government Clients at the network level.

              Originally posted by slimslob
              Security on MFPs is only as good as the security of the network it is connected to and the screening of those who have access to that network. It only takes one idiot with an unsecured personal laptop to compromise an entire VLAN.

              The dealer I worked for installed a Lanier digital dictation system at the Bakersfield Heart Hospital during the final construction. The hospital opened in 1999. I can't remember when or the name of the worm, but I got called in the wee hours of a Saturday morning to come out immediately to install a patch on the NT4 servers that were part of the dictation system. A doctor at one of the Heart Hospitals had connected a personal laptop to the network. The laptop was infected with a fast spreading worm that exploited a vulnerability in Windows. Within seconds every computer on their VLAN that was turned on was infected.
              To be honest, it only takes one idiot with a usb thumb drive to plug into your mfp and your whole network could go ka-boom.
              Yes, you can set up VLANs. But many small companies don't even have that.

              And after all, the one attacking you will always have the upper hand.


              • Samir
                Self-Taught
                • Oct 2023
                • 31

                #8
                Re: Activity in Government Clients at the network level.

                The two wars going on right now have definitely upped the amount of 'cyber problems' going on over the wire. It's more like a 'if you didn't lock it down like you were supposed to before, you better do it now' type of situation, but the escalation is there.

                Most of the intruders into a network will simply want to compromise the machine to get to something else since the machine really can't do much on its own with its limited power--and that's where the key is to securing it. It is low-power, has no business on the Internet (unless you've got printing and scanning going that way, but that's much more secure over an IPsec VPN tunnel), and should only be talking to very specific IPs and nothing else. When they're in this state, they're very hard to compromise, and even if they are compromised are very limited in utility to anyone.

                We keep all our devices off the Internet, only communicating with the LAN, and only connecting remotely via IPsec VPN tunnels. We also turn off stuff we don't use like SMTP, etc.

                Comment
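
Added example, not part of any post above: a Python check of flow records against the kind of printer-VLAN allow-list rthonpm and Samir describe (inbound 9100/515, outbound SMTP/SMB to named systems, web interface limited to specific hosts). All addresses, the print-server-only inbound choice, port 443 for the web interface and the flow-record format are assumptions made for illustration.

```python
import ipaddress

# All addresses below are constructed for illustration (RFC 1918 / RFC 5737 space).
PRINTER_VLAN = ipaddress.ip_network("10.20.30.0/24")
# Inbound to the printer VLAN: (protocol, destination port) -> permitted sources.
INBOUND = {
    ("tcp", 9100): ["10.20.10.5/32"],   # raw printing, print server only (assumed)
    ("tcp", 515):  ["10.20.10.5/32"],   # LPD, print server only (assumed)
    ("tcp", 443):  ["10.20.99.10/32"],  # web interface, admin host only (assumed)
}
# Outbound from the printer VLAN: (protocol, destination port) -> permitted destinations.
OUTBOUND = {
    ("tcp", 25):  ["10.20.10.25/32"],   # scan-to-email relay (assumed)
    ("tcp", 445): ["10.20.10.40/32"],   # scan-to-folder file server (assumed)
}

def check_flow(src, dst, proto, dport):
    """Return None if the flow is allowed, otherwise the reason it is not."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    key = (proto.lower(), int(dport))
    if s in PRINTER_VLAN and d in PRINTER_VLAN:
        return None  # same segment: the VLAN boundary filter never sees it
    if d in PRINTER_VLAN:
        table, peer, direction = INBOUND, s, "inbound"
    elif s in PRINTER_VLAN:
        table, peer, direction = OUTBOUND, d, "outbound"
    else:
        return None  # flow does not involve the printer VLAN
    if key not in table:
        return f"{direction} {key[0]}/{key[1]} is not an allowed service"
    if not any(peer in ipaddress.ip_network(c) for c in table[key]):
        return f"{direction} {key[0]}/{key[1]} peer {peer} is not on the allow-list"
    return None

def audit(flows):
    """flows: iterable of 'src dst proto dport' lines; returns [(line, reason)]."""
    checked = ((line, check_flow(*line.split())) for line in flows)
    return [(line, why) for line, why in checked if why]

# Constructed sample flow records (not from any real network).
SAMPLE = [
    "10.20.10.5 10.20.30.11 tcp 9100",   # print server -> MFP, allowed
    "10.20.40.77 10.20.30.11 tcp 9100",  # client bypassing the print server
    "10.20.30.11 10.20.10.40 tcp 445",   # scan-to-folder, allowed
    "10.20.30.11 203.0.113.9 tcp 443",   # MFP reaching an outside address
    "10.20.40.77 10.20.30.11 tcp 443",   # web interface from a non-admin host
]
```

Calling `audit(SAMPLE)` returns the three records that fall outside the allow-list, each with the reason; traffic between two devices inside the printer VLAN is passed through unflagged because a boundary filter cannot see it.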