Home »
Networking
Summary: It's possible to accidentally create a connection or a bridge between two networks. We'll look at how, and what you can do to avoid it.
With most mobile equipment like laptops and tablets coming with a wide
range of network connection options built-in, eg. 10/100, dial-up modem, 802.11
a/b/g and the ability to also add cellular modem capabilities to them as well,
it opens the possibility of having more than one connection at any one time.
For instance I could be connected with my 10/100 network card and at the same
time be connected to another network via the dial-up modem or cellular modem or
802.11. This creates a huge security hole for corporate networks. Is there any
utility that I could install on a laptop or tablet that would prevent these
multiple connections from occurring? I don't have any issue with someone making
a connection via any one of these network adapters, one at a time. I just want
to prevent any possibility of bridging two or more network
connections.
|
I immediately thought of my laptop with ethernet, WiFi, infrared, dialup and
BlueTooth. Quite the range of possibilities.
But preventing cross-talk? That's an interesting question.
•
A "bridge" in the networking sense is a connection between two networks.
Anything that gets communicated on one network is reflected on the other and
vice versa.
Windows XP explicitly supports bridging network connections. Have a look at
your network connections in Control Panel, and you may or may not see a type
of connection labeled a bridge. (They're apparently set up by default in some
wireless network configurations, though I'm not sure why.)
And that brings us to at least one obvious thing to do: check your network
connections for explicit bridges. If two of your network adapters are bridged,
then they are effectively connected to each other through your machine.
So the good news is that if you have no explicit bridges, then at least
you're not an open conduit between the two networks.
But both adapters are still functional. And there's nothing that I'm aware
of that would prevent a piece of software, perhaps malicious, from "acting
like" a type of bridge. Or selectively listening to one adapter, perhaps
connected to a corporate network, and slurping up sensitive data to send out
another adapter, perhaps connected to the internet.
I'm starting to understand why so many IT departments resist wireless
networks or personal/non-standard computers.
I'd love to hear about additional solutions, but in the meantime, the best
I can offer is to explicitly disconnect or disable the network adapter that
you're not using if it would otherwise connect in a way that might compromise
you. And as always, be careful the software you install and scan for malware
and viruses regularly.
Article 368 | Posted July 9, 2004
•
Hi!
Posted by: Anton at July 16, 2004 11:23 PMThe best way to do this, is to install a firewall and to see the wireless part as unsafe. A hardware/firmware firewall might be best for this...
Regards,
Anton
great
Posted by: sohel at September 30, 2004 11:24 PM