A recent network audit that we performed for a prospective client exposed the kind of startling skeletons that might be hiding out of sight on your own network. I want to share this story today because events like the one our security team experienced a few weeks ago underscore why you need to be concerned about protecting your network from cybercrime and hacks. I'm hoping this tale will help you identify some poor practices within your company and lead you to a more secure position when it comes to network security.
The Situation
The prospective client [here remaining anonymous] called our office to speak with one of our solutions engineers, explaining that their network had seemed chronically slow in the last couple of months and that they wanted an IT support company to take a look at what might be causing the problem (their current IT support vendor had been unable to find issues with their hardware and was in a constant battle with their internet service provider (ISP)).
The client also mentioned sporadic outages and performance issues across their network when connecting to the internet, and was concerned that disruptions to getting work done were putting their business behind, costing them more money and leading to massive worker downtime and inefficiency in an economy that demanded as much efficiency as possible.
One of our engineers scheduled a time to go onsite at their facility and perform a network security assessment: an assessment that goes through the entire network with a fine-tooth comb, looking for issues, problems, and security vulnerabilities.
First, the engineer examined traffic flows between the various computers and services. The local communications appeared normal, but any time traffic had to flow through the firewall to the internet or to other offices, there was a significant delay.
The security engineer traced the traffic going through the firewall to see if he could isolate where the delay occurred…
What Did He Find?
By running some proprietary traffic diagnostic software that helps us understand the origins and destinations of traffic moving to and from a business network, we were able to see that the links to the outside were saturated. What did we need to do next? Classify what kind of traffic was actually moving off the network.
By running a network analysis tool, we found that nearly half of the traffic (actually about 45% of it) was unrecognized. That means traffic that wasn't being inwardly or outwardly directed by staff, other vendors or this business' client base. Forty-five percent of traffic defined as "other" is a bit concerning.
By evaluating the traffic in more detail and actually taking a look at the data moving across the network, we found something a bit startling: pornography had been moving across the network, eating up bandwidth and taking over the network's normal capacity.
Further inspection of the packets moving across the network pointed to consistent destinations: Kazaa and Gnutella, two peer-to-peer (P2P) file-sharing sites. By running a complete port scan of the network, we found that nearly half of the systems on the network were running one of these two file-sharing programs.
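The classification step described above, as an added example (not the audit team's tooling, which the article describes as proprietary): it buckets outbound flow records by destination port and reports each category's share of bytes, plus the internal hosts seen on the default Kazaa (1214) and Gnutella (6346/6347) ports. The flow records, the addresses and the allow-list of business ports are constructed assumptions.

```python
from collections import defaultdict

# Default ports of the two P2P programs named in the article. Clients can be
# moved to other ports, so a match is a lead to investigate, not proof.
P2P_PORTS = {1214: "kazaa", 6346: "gnutella", 6347: "gnutella"}
# Assumed allow-list of expected business traffic (adjust per site).
KNOWN_PORTS = {25: "mail", 53: "dns", 80: "web", 443: "web"}

# Constructed sample flow records: (internal source, destination port, bytes).
SAMPLE_FLOWS = [
    ("10.0.0.11", 443, 300_000),
    ("10.0.0.12", 80, 200_000),
    ("10.0.0.12", 25, 50_000),
    ("10.0.0.13", 1214, 250_000),
    ("10.0.0.14", 6346, 150_000),
    ("10.0.0.14", 53, 5_000),
    ("10.0.0.11", 6347, 40_000),
    ("10.0.0.15", 8081, 5_000),
]


def classify(port):
    """Return (category, label) for a destination port."""
    if port in P2P_PORTS:
        return "p2p", P2P_PORTS[port]
    if port in KNOWN_PORTS:
        return "business", KNOWN_PORTS[port]
    return "other", "unclassified"


def summarize(flows):
    """Byte share per category plus the hosts seen talking on P2P ports."""
    totals = defaultdict(int)
    p2p_hosts = defaultdict(set)
    for src, port, nbytes in flows:
        category, label = classify(port)
        totals[category] += nbytes
        if category == "p2p":
            p2p_hosts[src].add(label)
    grand_total = sum(totals.values()) or 1  # empty input: avoid dividing by zero
    shares = {c: round(100 * b / grand_total, 1) for c, b in totals.items()}
    return shares, {h: sorted(v) for h, v in p2p_hosts.items()}


if __name__ == "__main__":
    shares, hosts = summarize(SAMPLE_FLOWS)
    print("share of bytes by category (%):", shares)
    for host, programs in sorted(hosts.items()):
        print(f"{host}: review for {', '.join(programs)}")
```

Whatever still lands in the "other" bucket after a port-based pass is the traffic that needs the packet-level inspection the article goes on to describe.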
What was slowing down the network?
The transfer of large files by these file-sharing programs was eating up valuable bandwidth on the network, slowing down communications for nearly every employee.
The network was unknowingly hosting a slew of traffic that no one had known about—not even IT Support.
By digging a little deeper and researching exactly what was being transmitted, we did some sleuthing into how the peer-to-peer sites had gotten onto the network. We found that a few employees had active accounts with these websites and had shared folders on the network with them.
Through these folders, we were able to navigate across the network and find complete company personnel rosters, confidential memos, social security numbers, and timelines for ongoing projects within the business.
What were the users of P2P programs thinking? These users, never trained on proper cybersecurity in the workplace, were under the impression that, because no one outside the company knew the filenames contained in the network directory, no one would be able to get into the corporate files from their shared P2P file on the network.
Our security engineers ended up exposing some huge security vulnerabilities on this company’s network—vulnerabilities that could have risked the entire business had someone maliciously used the information accessible from those shared folders.
Anyone could have used either of these P2P tools to gain access to sensitive company information on the network! The statistics on hacked networks? Nearly half of businesses that survive a hack close their doors within 2 years from client mistrust, decreased employee morale and hefty fines and cybersecurity costs.
Will you continue to keep your business network under-protected? Contact Us TODAY for a free network security assessment!