  1. #1
    Senior Tech 250+ Posts UNICORNico

    Activity in Government Clients at the network level.

    Dear partners.


    I want to communicate an activity that is being carried out by some clients that is strange or curious.
    A few days ago the IT Departments, belonging to some offices or entities of a Government nature or State Security Bodies, have been contacting us to protect or rather, block non-priority network functions or services.
    - Change of Access Codes.
    - Port Deactivation
    - Deactivation of network protocols (SMB)
    - Request for review and active firmware update.


    I want to know how this is turning out in other parts, and in this forum we meet technicians from several countries, to know a little about the general situation. And I wouldn't be surprised if this happened due to the recent active war in Israel/Palestine.


    From my personal opinion, no war or active participants in it have my sympathy, since tragedy is the death of innocents.
    "ALL WILL BE WELL" The battle cry that most inspires me to follow, from the DC's Comic character that I admire the most. And I feel satisfied with being better every day, and with using Gnu-Linux as my usual Operating System. Apologies for my English, it's not my mother tongue and I'm helping the translator.

  2. #2
    Field Supervisor 500+ Posts techsxge

    We have very few MFP / printer products at government supported companies / offices, but usually they have a network infrastructure that will take all the work from us anyways.

    Some government companies will also only accept certain machines from certain manufacturers and only if specifically ordered for them.

    If we talk about managing whole networks however, all government organs have their own IT centre.

  3. #3
    Technician

    Originally posted by UNICORNico:
    > Dear partners.
    >
    > I want to communicate an activity that is being carried out by some clients that is strange or curious.
    > A few days ago the IT Departments, belonging to some offices or entities of a Government nature or State Security Bodies, have been contacting us to protect or rather, block non-priority network functions or services.
    > - Change of Access Codes.
    > - Port Deactivation
    > - Deactivation of network protocols (SMB)
    > - Request for review and active firmware update.
    >
    > I want to know how this is turning out in other parts, and in this forum we meet technicians from several countries, to know a little about the general situation. And I wouldn't be surprised if this happened due to the recent active war in Israel/Palestine.
    >
    > From my personal opinion, no war or active participants in it have my sympathy, since tragedy is the death of innocents.

    I think after the war everyone is sterile to protect themselves and their data, don't you think so?

  4. #4
    Senior Tech 250+ Posts UNICORNico

    Originally posted by EyesProdigy:
    > I think after the war everyone is sterile to protect themselves and their data, don't you think so?

    I do not doubt the ferocity of the teams specialized in the field of cybersecurity (I include both "good" and "evil" actors), they have such sophisticated means that I doubt we will ever truly know their potential.


    But knowing that one of those teams is from Israel and were the creators of "Pegasus", the Palestinian side will have its namesake. After certain actions on the global network, along with what I comment here, I am seriously concerned about the possible escalation and the risks that this may entail.


    To what extent do we have the knowledge so that the devices we repair, and the (important) clients we have in maintenance, can we provide a decisive service that does not leave them at risk due to this lack of knowledge, even though they have equipment of IT?

  5. #5
    Service Manager 2,500+ Posts rthonpm

    My government, and government adjacent, clients have been going the route of segmenting their MFPs and printers so that they're on their own network VLAN which only allows inbound and outbound access to the specific ports they want to be reached. For the most part, Ports 9100 and/or 515 are allowed inbound access to the VLAN either from all client computers or just to their specific print servers and SMTP or SMB outbound access is allowed only to the specific systems they want. I've even recommended to most clients to have the web interfaces locked down to specific hosts in case of older TLS certs or other limitations that prevent the devices from using modern ciphers.

    This makes the configuration of the MFP much easier since there's no way for any of those other protocols to communicate, even if they are enabled.
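
The allow-list described in the post above, written out as a default-deny flow check (an added example, not part of the original post or any vendor's tooling). It takes the print-server-only variant; every subnet, host address and sample flow is constructed, and ports 443, 25 and 445 are assumed for the web interface, SMTP and SMB.

```python
"""Default-deny flow check for a segmented printer VLAN (added example).
All subnets, hosts and sample flows below are constructed for illustration."""
from ipaddress import ip_address, ip_network

PRINTER_VLAN = ip_network("10.20.30.0/24")      # assumed MFP/printer VLAN
PRINT_SERVERS = [ip_network("10.20.10.5/32")]   # assumed print server
ADMIN_HOSTS = [ip_network("10.20.10.50/32")]    # assumed web-UI admin host
MAIL_RELAY = [ip_network("10.20.10.25/32")]     # assumed scan-to-email relay
SCAN_SHARE = [ip_network("10.20.10.40/32")]     # assumed scan-to-folder server

# (rule name, direction relative to the VLAN, allowed peers, protocol, ports)
RULES = [
    ("print-raw-lpd", "in", PRINT_SERVERS, "tcp", {9100, 515}),
    ("web-ui", "in", ADMIN_HOSTS, "tcp", {443}),
    ("scan-to-email", "out", MAIL_RELAY, "tcp", {25}),
    ("scan-to-folder", "out", SCAN_SHARE, "tcp", {445}),
]

def check_flow(src, dst, proto, dport):
    """Return the name of the rule that permits the flow, or None (deny)."""
    src, dst = ip_address(src), ip_address(dst)
    src_in, dst_in = src in PRINTER_VLAN, dst in PRINTER_VLAN
    if src_in == dst_in:
        return None  # does not cross the VLAN boundary: nothing permits it
    direction, peer = ("in", src) if dst_in else ("out", dst)
    for name, rule_dir, peers, rule_proto, ports in RULES:
        if (rule_dir == direction and rule_proto == proto
                and dport in ports and any(peer in net for net in peers)):
            return name
    return None  # default deny

def audit(flows):
    """Split flow tuples into (allowed, violations) under the policy."""
    allowed, violations = [], []
    for flow in flows:
        rule = check_flow(*flow)
        (allowed if rule else violations).append((flow, rule))
    return allowed, violations

# Constructed sample flows, e.g. parsed from firewall or NetFlow logs.
SAMPLE_FLOWS = [
    ("10.20.10.5", "10.20.30.11", "tcp", 9100),   # print server -> MFP
    ("10.20.40.77", "10.20.30.11", "tcp", 9100),  # client bypassing server
    ("10.20.10.50", "10.20.30.11", "tcp", 443),   # admin host -> web UI
    ("10.20.40.77", "10.20.30.11", "tcp", 80),    # client -> web UI
    ("10.20.30.11", "10.20.10.25", "tcp", 25),    # MFP -> mail relay
    ("10.20.30.11", "203.0.113.9", "tcp", 445),   # MFP -> SMB off-site
]
ALLOWED, VIOLATIONS = audit(SAMPLE_FLOWS)
```

Feeding it flows exported from the VLAN's firewall shows which traffic the segmentation should already be dropping.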

  6. #6
    Field Supervisor 500+ Posts techsxge

    Originally posted by rthonpm:
    > My government, and government adjacent, clients have been going the route of segmenting their MFPs and printers so that they're on their own network VLAN which only allows inbound and outbound access to the specific ports they want to be reached. For the most part, Ports 9100 and/or 515 are allowed inbound access to the VLAN either from all client computers or just to their specific print servers and SMTP or SMB outbound access is allowed only to the specific systems they want. I've even recommended to most clients to have the web interfaces locked down to specific hosts in case of older TLS certs or other limitations that prevent the devices from using modern ciphers.
    >
    > This makes the configuration of the MFP much easier since there's no way for any of those other protocols to communicate, even if they are enabled.

    This is the way.

    (I personally don't trust these MFPs in terms of security anyways)

  7. #7
    Retired 10,000+ Posts slimslob

    Originally posted by techsxge:
    > This is the way.
    >
    > (I personally don't trust these MFPs in terms of security anyways)

    Security on MFPs is only as good as the security of the network it is connected to and the screening of those who have access to that network. It only takes one idiot with an unsecured personal laptop to compromise an entire VLAN.

    The dealer I worked for installed a Lanier digital dictation system at the Bakersfield Heart Hospital during the final construction. The hospital opened in 1999. I can't remember when or the name of the worm, but I got called in the wee hours of a Saturday morning to come out immediately to install a patch on the NT4 servers that were part of the dictation system. A doctor at one of the Heart Hospitals had connected a personal laptop to the network. The laptop was infected with a fast spreading worm that exploited a vulnerability in Windows. Within seconds every computer on their VLAN that was turned on was infected.

  8. #8
    Field Supervisor 500+ Posts techsxge

    Originally posted by slimslob:
    > Security on MFPs is only as good as the security of the network it is connected to and the screening of those who have access to that network. It only takes one idiot with an unsecured personal laptop to compromise an entire VLAN.
    >
    > The dealer I worked for installed a Lanier digital dictation system at the Bakersfield Heart Hospital during the final construction. The hospital opened in 1999. I can't remember when or the name of the worm, but I got called in the wee hours of a Saturday morning to come out immediately to install a patch on the NT4 servers that were part of the dictation system. A doctor at one of the Heart Hospitals had connected a personal laptop to the network. The laptop was infected with a fast spreading worm that exploited a vulnerability in Windows. Within seconds every computer on their VLAN that was turned on was infected.

    To be honest, it only takes one idiot with a USB thumb drive to plug into your MFP and your whole network could go ka-boom.
    Yes, you can set up VLANs. But many small companies don't even have that.

    And after all, the one attacking you will always have the upper hand.

  9. #9
    Self-Taught

    The two wars going on right now have definitely upped the amount of 'cyber problems' going on over the wire. It's more like a 'if you didn't lock it down like you were supposed to before, you better do it now' type of situation, but the escalation is there.

    Most of the intruders into a network will simply want to compromise the machine to get to something else since the machine really can't do much on its own with its limited power--and that's where the key is to securing it. It is low-power, has no business on the Internet (unless you've got printing and scanning going that way, but that's much more secure over an IPsec VPN tunnel), and should only be talking to very specific IPs and nothing else. When they're in this state, they're very hard to compromise, and even if they are compromised are very limited in utility to anyone.

    We keep all our devices off the Internet, only communicating with the LAN, and only connecting remotely via IPsec VPN tunnels. We also turn off stuff we don't use like SMTP, etc.
