Summary: It's possible to accidentally create a connection or a bridge between two networks. We'll look at how, and what you can do to avoid it.
|
With most mobile equipment like laptops and tablets coming with a wide range of network connection options built-in, eg. 10/100, dial-up modem, 802.11 a/b/g and the ability to also add cellular modem capabilities to them as well, it opens the possibility of having more than one connection at any one time. For instance I could be connected with my 10/100 network card and at the same time be connected to another network via the dial-up modem or cellular modem or 802.11. This creates a huge security hole for corporate networks. Is there any utility that I could install on a laptop or tablet that would prevent these multiple connections from occurring? I don't have any issue with someone making a connection via any one of these network adapters, one at a time. I just want to prevent any possibility of bridging two or more network connections. |
I immediately thought of my laptop with ethernet, WiFi, infrared, dialup and BlueTooth. Quite the range of possibilities.
But preventing cross-talk? That's an interesting question.
•
A "bridge" in the networking sense is a connection between two networks. Anything that gets communicated on one network is reflected on the other and vice versa.
Windows XP explicitly supports bridging network connections. Have a look at your network connections in Control Panel, and you may or may not see a type of connection labeled a bridge. (They're apparently set up by default in some wireless network configurations, though I'm not sure why.)
And that brings us to at least one obvious thing to do: check your network connections for explicit bridges. If two of your network adapters are bridged, then they are effectively connected to each other through your machine.
So the good news is that if you have no explicit bridges, then at least you're not an open conduit between the two networks.
But both adapters are still functional. And there's nothing that I'm aware of that would prevent a piece of software, perhaps malicious, from "acting like" a type of bridge. Or selectively listening to one adapter, perhaps connected to a corporate network, and slurping up sensitive data to send out another adapter, perhaps connected to the internet.
I'm starting to understand why so many IT departments resist wireless networks or personal/non-standard computers.
I'd love to hear about additional solutions, but in the meantime, the best I can offer is to explicitly disconnect or disable the network adapter that you're not using if it would otherwise connect in a way that might compromise you. And as always, be careful the software you install and scan for malware and viruses regularly.
Article C2108 - July 9, 2004
Hi!
Posted by: Anton at July 16, 2004 11:23 PMThe best way to do this, is to install a firewall and to see the wireless part as unsafe. A hardware/firmware firewall might be best for this...
Regards,
Anton
great
Posted by: sohel at September 30, 2004 11:24 PM