4n6strider

Your Data Zen starts here.

Visualization of undisclosed Intranet

Intranet is one of the weak points of every company´s security.

It is caused by fact, that there are listed sensitive information like data about employees, new products, strategies, finance, organization charts and even document/ email templates.

It is very common that access to company´s intranet is available to all employees without restrictions derived from job descriptions, responsibilities and so on.

Once new employee is hired, he/she has full access to all documents. Sensitive documents are secured only by the fact that they are somewhat hidden within structures of intranet itself.

Another issue is that permissions for each document are not frequently reviewed and revoked, if necessary. As role of an employee changes, he/she has access to more and more documents, some of them might be sensitive.

A lot of companies is using Microsoft SharePoint. If set properly, SharePoint has very detailed and matured tools for access management using its compatibility with Active Directory.

On the other hand, as company or department grows it might get difficult to manage so many permissions groups. Without proper process this poses serious security risk.

From Black Hat point of view, visualization of intranet can show some interesting weak parts and important nodes to control.

1) Intranet of undisclosed global company. Sensitive data might be stored in documents on the website.

Green nodes –  excel files.

Blue nodes – word documents.

Red nodes – Adobe documents.

Orange – scripts.

gis-sp-all-FR-FA-modularity9-sun-final

2) Intranet of undisclosed global company, department of business services. Coloring represents various data types (file extensions).

ITNBS3

 

Next Post

Previous Post

© 2017 4n6strider

Theme by Anders Norén