Guys,
Large retail business with a lot of public-facing IT equipment in its branch sites.
We recently had an internal pen test that involved social engineering and the full 9 yards - long story short, the pen-test team managed to connect a rogue device to the network - packet-capture, harvest creds - elevate to domain admin (at multiple sites).
We have actions coming out of this, and I think one of the biggest weaknesses we have from a network standpoint is the lack of segmentation and switch-port access controls. We are already working on a piece of work to segment the network properly at these retail locations (currently we have third parties in VLANs with corporate devices, high-privilege VLANs in public-facing areas). It's a real mess; luckily there is a focus on security now, hence the pen-testing.
I know there is no security silver bullet - but is there anything we should really look into to help us? 802.1X certificate-based authentication at a switch-port level has been mentioned and is something we had on the back-burner for a while (although a lot of the equipment in public areas is third-party equipment not on the domain - I know there is MAB etc.) - sticky MACs? Automatic shutdown of unused switch ports?
Ideas appreciated.