all good security plans laid to waste

travis_farmer
Posts: 25
Joined: 2017/03/18 11:43:50
Location: Maine, USA

Post by travis_farmer » 2017/04/06 09:55:07

here are the symptoms on my network and server that i observed:
slow response for some services, such as Webmin (couldn't even log in).
WiFi router lights flashing normally. but...
WiFi bridge/extender lights flashing like crazy.
Strange computer listed on the network.

my thoughts:
WiFi bridge/extender has been compromised.

planned resolution:
run a hard-line between my WiFi-router, and the network switch in my workshop, where the server is, thus eliminating the WiFi bridge/extender

I never liked the bridge/extender anyway.
so anyway, my server will be down until i get back from work this afternoon. I figured it was safer to keep it off-line until the security is restored.
then i have to do some investigating to see if anything on my server was compromised.
I set things up with the expectation that my network was secure, but now i think i will have to lock things down a bit tighter.

Moral of this story? a security breach can, and eventually will come from where you least expect it. just because you secure your front-end, doesn't mean the back-end should be left open.

~Travis
CentOS 7.3.1611 on a Dell PowerEdge 1950,
with Intel(R) Xeon(R) CPU 5150 @ 2.66GHz, 4 cores,
4GB ram, 2.5TB storage.
if my mannerisms seem odd, it has been suggested i have Asperger's (and i am odd ;) )

Re: all good security plans laid to waste

Post by travis_farmer » 2017/04/06 21:19:16

well, the server wasn't compromised, but the WiFi bridge/extender was. the server now connects via a hard-line to the router, and the WiFi password was changed, again, just in case. I miss the days of good security from an all hard-line network, but then i think about dragging an Ethernet cable with me as i use my laptop. I think the larger and more complicated WiFi password is a good compromise. :D

but anyway, the server is back online. just in case someone actually wants to visit it ;)

~Travis