Continuing our series about Pwn Pulse and its potential uses is the following “fair weather” example. While many associate Pwnie Express tools with penetration testing, they can also be useful for assessing the health of your security processes.
The day-to-day security operations of an average network are not terribly exciting. Once everything is set up and running, the routine of checking that everything is working correctly takes up most of your time.
That’s bad enough if you’ve only got one location to contend with, but what if you have remote branches? Hiring staff to handle security issues at the various branches may not be an option, so time will have to be split up between them all. If you have to physically visit these remote locations, the problem becomes even worse. Time spent on the road is time wasted.
The reality is, remote branches are often ignored unless a serious problem develops. There simply isn’t enough time in the day to make a sweep of all the locations to ensure everything is working smoothly. The irony is that if you could keep a closer eye on the remote branches, you’d be able to head off a lot of problems before they took root, saving you time in the long run.
Pwn Pulse provides a window into the devices operating in these locations. You can use Pwn Pulse not only to keep an eye on your location, but also as a point of comparison for your standing security assessment tools.
Practical Example: Small Bank
Imagine that you were in charge of the network for a small independent bank that has a main branch and 6 smaller branches, all within a 10-mile radius. The branches are too small and too close together to justify the expense of hiring IT staff for each one, so you have to balance your time between them all. But the main branch has the largest number of users and is arguably the most important, so in practice the majority of your time is spent there. The remote branches are left to languish on their own, in hopes that nothing major comes up.
Unfortunately, if something does come up, it could very easily affect your entire network. Remote site security is too often overlooked, the assumption being that no important data is stored in these locations. However, this assumes “perfect security practice,” a situation which can rarely be emulated in real life. Even with appropriate segmentation of the remote site and headquarters networks, login credentials found with an EvilAP could provide an attacker direct access to the sensitive information you keep behind firewalls.
Pwn Pulse is the solution to that remote site gap. Automated asset discovery and rogue device detection give security professionals, potentially located at headquarters or another location, a fuller picture of security at the remote location. Even more importantly, it is a complete picture. With the ability to run vulnerability scans against your network on a predetermined schedule, you can make sure that all computers are downloading and applying the appropriate updates. If you know an update was pushed out to fix a specific vulnerability, and there are machines in your network still susceptible to it, you’ll know which machines need to be more closely examined.
You can see trends across networks (e.g. seemingly random rogue access points running on similar hardware at three different branches in the same neighborhood), you can pinpoint problem areas across the organization (e.g. guest wireless is frequently used by new employees), and you can understand the behavior not only of your network, but of the devices connecting to it.