IT Management RAS Dialups

Popularity: 8
Simplicity: 8
Impact: 10
Risk Rating: 9

IT management RAS doesn't mean "all the dialups present only in the IT server room." Rather, it means those RAS lines used by IT to remotely manage the IT services during emergencies, on weekends, and so on, independent of the physical location of the machines connected to the modems.

Often, these dialups exist due to necessity and specific internal processes (incident handling and patch planning). In other cases, the IT staff will claim to require remote PSTN access when only their ego requires it. We have heard sentences like "I must be able to access what I am responsible for—even if I'm not a hands-on technical figure!" so many times. This is the—let's say, classic—justification used by many IT managers when their role in the agency is to decide, not to configure systems remotely.

So, let's say this kind of RAS dialup will be used both by staff in the field and by the IT chiefs for various reasons. The penetration tester should know that the RAS will assign the remote caller an IP belonging to a very specific internal IP subnet, usually allowed by the internal firewalls to reach anything on the internal company network. This happens for the above-mentioned reasons where the IT staff says they require full access to the company's internal IT assets since "ya never know what could happen, and I gotta be allowed to reach every machine, since I don't want to phone the guys managing the firewall rules on a Saturday night at 3 a.m." (We heard this exact sentence when interviewing a customer's point of contact about an upcoming penetration test.)

When this sort of RAS dialup is encountered (very often, it could even be accessible via a dedicated toll-free number), an attacker will proceed with general information gathering strategies. Once the information has been collected and analyzed, the attacker will use various combinations of standard first names (for SMEs) and/or surnames from the IT department as possible logon/usernames, followed by a brute-force password attack specifically targeting the types of passwords used by IT staff (who, because they repeatedly enter username/password combinations, are often guilty of not following their own recommendations for password strength and security).
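The defender's counterpart to the guessing pattern described above, added here as an example and not taken from the original text: a small Python detector that reads RAS/RADIUS-style authentication log lines, groups failures per calling number, and flags a caller that fails against several distinct usernames within a short window, also reporting any logon that succeeded right after such a burst. The log line format, and every username, caller ID, port and address below, are constructed for this example and do not correspond to any real RAS product's output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample RAS authentication log (not from any real system).
# One caller fails against five different IT-style usernames in under a
# minute and then gets in as the fifth one; another caller mistypes once.
SAMPLE_LOG = """\
2003-06-14 03:02:11 RAS AUTH FAIL user=jsmith caller=+15550100 port=3
2003-06-14 03:02:19 RAS AUTH FAIL user=mjones caller=+15550100 port=3
2003-06-14 03:02:27 RAS AUTH FAIL user=rbrown caller=+15550100 port=3
2003-06-14 03:02:35 RAS AUTH FAIL user=alee caller=+15550100 port=3
2003-06-14 03:02:44 RAS AUTH FAIL user=kwhite caller=+15550100 port=3
2003-06-14 03:02:52 RAS AUTH OK user=kwhite caller=+15550100 port=3 ip=10.9.0.21
2003-06-14 08:15:03 RAS AUTH FAIL user=jsmith caller=+15550199 port=1
2003-06-14 08:15:40 RAS AUTH OK user=jsmith caller=+15550199 port=1 ip=10.9.0.22
"""

# Hypothetical line layout: timestamp, result, user= and caller= fields.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) RAS AUTH (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) caller=(?P<caller>\S+)"
)


def parse_events(text):
    """Turn log text into a list of dicts with a real datetime per event."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not authentication records
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return events


def find_guessing_callers(events, window=timedelta(minutes=10),
                          min_failures=5, min_users=3):
    """Flag callers whose failures in any `window` reach `min_failures`
    across at least `min_users` distinct usernames. For each flagged
    caller, also list usernames that logged on successfully within one
    window after the burst: a guessed-then-used account is the finding
    worth acting on first."""
    by_caller = defaultdict(list)
    for ev in events:
        by_caller[ev["caller"]].append(ev)

    findings = {}
    for caller, evs in by_caller.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "FAIL"]
        start = 0
        # Sliding window over the failures, oldest to newest.
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            burst = fails[start:end + 1]
            users = {e["user"] for e in burst}
            if len(burst) >= min_failures and len(users) >= min_users:
                burst_end = fails[end]["ts"]
                successes = sorted({
                    e["user"] for e in evs
                    if e["result"] == "OK"
                    and burst_end <= e["ts"] <= burst_end + window
                })
                findings[caller] = {
                    "failures": len(burst),
                    "distinct_users": sorted(users),
                    "success_after_burst": successes,
                }
    return findings


if __name__ == "__main__":
    for caller, info in find_guessing_callers(parse_events(SAMPLE_LOG)).items():
        print(f"caller {caller}: {info['failures']} failures against "
              f"{len(info['distinct_users'])} users; "
              f"logged on afterwards as {info['success_after_burst'] or 'nobody'}")
```

Any caller that shows up in the findings should be reviewed together with the address the RAS handed out on success, because, as the text notes, that address typically sits in a pool the internal firewalls let through to everything. The thresholds are deliberately low for dial-up lines, where a legitimate user rarely fails against more than one or two account names.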
