Tactics for Taking Over a Network

  • Tactics for Taking Over a Network

    Hello everyone. Thanks as always for your time. I would like some advice on how to quickly acclimate and take charge of a new network when the previous network admin is no longer available.

    Let's use this scenario - a guy/gal is an experienced Wintel admin but not so experienced in networking - CCNA level with some hands-on. The person is assigned to a new company and will be handling the infrastructure which contains mostly L2/L3 switches and some Netscreen firewalls. There are some network diagrams and access to Cisco Works is available.

    If that person was you (now that you are a networking guru), what steps would you take to quickly acclimate yourself to the new network?

    Besides the obvious - studying the network diagram or logging into the devices and making backups of the configs or physically tracing devices and connections - it would be nice to know any tips, tricks, or methodical processes you have for these types of situations.

    Hopefully this isn't a lame question...if so, my apologies in advance!

  • #2
    Re: Tactics for Taking Over a Network

    I think you've got the right idea. Study whatever diagrams exist, log into devices and look at their configs, physically trace connections, draw your own diagrams, look at GPO settings, logon scripts, etc. There's no quick and easy way, it's detective work.



    • #3
      Re: Tactics for Taking Over a Network

      If you know your subnets as well, it is worth kicking out some automated pings to see what exists that you don't know about.
      The Cisco devices may be able to show cdp neighbours (I think that is correct from a long time ago!).

      As joeqwerty says as well, "draw your own diagrams"; nothing is better in my opinion.
      cheers
      Andy


      Quis custodiet ipsos custodes?



      • #4
        Re: Tactics for Taking Over a Network

        Unplug cables from patch panels one at a time and see who whinges

        I know you asked mainly about the network, but let's not forget the servers as well - get to know what tasks are scheduled to run on each server and what you should be looking for in terms of logs. Set up logging / alerting on anything that doesn't already have it set up. Keep an eye on the event logs to see if there's anything dodgy going on.
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



        • #5
          Re: Tactics for Taking Over a Network

          If the guy connects his laptop to the network then he could run LANsurveyor by SolarWinds to quickly get an idea of what you have got.
          He could run some other utils to find shares etc.
          And if he runs a sniffer in promiscuous mode then he could potentially catch passwords etc.
          Please remember to award reputation points if you have received good advice.
          I do tend to think 'outside the box' so others may not always share the same views.

          MCITP -W7,
          MCSA+Messaging, CCENT, ICND2 slowly getting around to.



          • #6
            Re: Tactics for Taking Over a Network

            Originally posted by Kesshin:
            If that person was you (now that you are a networking guru), what steps would you take to quickly acclimate yourself to the new network?
            I'd use some kind of network mapper like LANsurveyor (as uk_network mentioned) or WhatsUp Gold. Then figure out how many VLANs you have and put the mapper on those VLANs if they're not routed to from the other VLANs. There are oodles of other network mappers out there so you can take your pick. I'd want to know how the SAN is set up, which servers connect to it and what volumes are used for what. I'd want to know if there's a backup network. Next I'd figure out what kind of switches and routers I have to work with. If they're halfway decent they should have some kind of traffic information that I can mine for information. I'm thinking of sFlow or NetFlow as well as SNMP. I'm looking for traffic patterns and utilization. I'd want to know what protocols are heavy on the network and when. I'd check to see if QoS is utilized and for what protocols. If QoS isn't used you should already start to get an idea for if it should be used if you received good sFlow / NetFlow sample data.





            Originally posted by Kesshin:
            Besides the obvious - studying the network diagram

            Study the network diagram, but if it's not a live diagram (WhatsUp Gold, etc.) then know that it could possibly mislead you. If your training and instinct tell you that something on the diagram isn't quite right... I'd go with the training and instinct.

            Also, change the passwords to everything and start building a KeePass database with a strong master password. Give the master password to your boss and your boss's boss.


            Originally posted by Kesshin:
            Hopefully this isn't a lame question...if so, my apologies in advance!
            An example of a lame question would be: "I just took down the network because I didn't know what I was doing... how do I fix it? Plz hlp thx."
            Wesley David
            LinkedIn | Careers 2.0
            -------------------------------
            Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
            Vendor Neutral Certifications: CWNA
            Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
            Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/
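
One way to act on the two suggestions above (checking CDP neighbours, and not trusting an inherited diagram that isn't live): parse `show cdp neighbors detail` output saved from a switch and diff it against the links the diagram claims. This is an added example, not code from any poster in the thread; the hostnames, addresses, ports and the `DOCUMENTED` set are constructed for illustration.

```python
import re

# Constructed, trimmed sample of `show cdp neighbors detail` output from a
# switch we call SW1 (hostnames, addresses and ports are made up).
SAMPLE_CDP = """\
-------------------------
Device ID: SW2.corp.example
Entry address(es):
  IP address: 10.0.0.2
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): GigabitEthernet0/24
-------------------------
Device ID: AP-LOBBY
Entry address(es):
  IP address: 10.0.0.57
Platform: cisco AIR-LAP1142N-E-K9,  Capabilities: Trans-Bridge
Interface: FastEthernet0/7,  Port ID (outgoing port): GigabitEthernet0
"""

# Hypothetical: links the inherited diagram claims, as (local port, neighbour).
DOCUMENTED = {("GigabitEthernet0/1", "SW2"), ("GigabitEthernet0/2", "SW3")}

def parse_cdp(text):
    """Return one dict per neighbour entry: device, ip, local_port, remote_port."""
    entries = []
    for block in re.split(r"^-{5,}[ \t]*$", text, flags=re.M):
        dev = re.search(r"Device ID:\s*(\S+)", block)
        link = re.search(
            r"Interface:\s*([^,\s]+),\s*Port ID \(outgoing port\):\s*(\S+)", block)
        if not (dev and link):
            continue  # empty chunk before the first separator, or a truncated entry
        ip = re.search(r"IP address:\s*(\S+)", block)
        entries.append({
            "device": dev.group(1).split(".")[0],  # drop any domain suffix
            "ip": ip.group(1) if ip else None,
            "local_port": link.group(1),
            "remote_port": link.group(2),
        })
    return entries

def diff_against_diagram(entries, documented):
    """Compare live CDP adjacencies with the documented links."""
    live = {(e["local_port"], e["device"]) for e in entries}
    return {"undocumented": sorted(live - documented),
            "missing": sorted(documented - live)}

if __name__ == "__main__":
    print(diff_against_diagram(parse_cdp(SAMPLE_CDP), DOCUMENTED))
```

An "undocumented" entry is a device to go and find; a "missing" one may be a dead link, a non-Cisco neighbour, or a port with CDP disabled, so it still needs a physical check.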



            • #7
              Re: Tactics for Taking Over a Network

              Originally posted by Nonapeptide:
              Give the master password to your boss and your boss's boss.
              Assuming that they're both technical managers.
              Gareth Howells



              • #8
                Re: Tactics for Taking Over a Network

                Originally posted by gforceindustries:
                Assuming that they're both technical managers.
                I wouldn't assume that. I've given my boss and one of his peers the virtual "keys to the kingdom" even though they're not precisely technical people. Why? Because he's the boss. He didn't demand to have them. Rather, I knew that I should give them to him to keep the "bus factor" high. Of course, the ramifications of misusing them were explained which I think they understand. Not all IT environments (nay, most of them) will be large enough to have two or more layers of management to give passwords to in order to "keep it in the family". Admins at some point must come to the realization that the passwords will have to be available to someone higher up who doesn't know the difference between a router and a switch and thinks AD is something you take Ritalin for. Or we could get too emotionally invested in the situation and end up like this fellow.

                This might be worth its own thread...
                Last edited by Nonapeptide; 31st October 2008, 11:46. Reason: grammar
                Wesley David


                • #9
                  Re: Tactics for Taking Over a Network

                  Daft lad didn't cover his tracks

                  I agree with you that somebody higher up than me needs *access* to the passwords, but I certainly wouldn't just give them to the boss. Something like that would be locked in a firesafe that he is allowed access to. Given the nature of every boss I've ever had, the risk would be far too great.
                  Gareth Howells



                  • #10
                    Re: Tactics for Taking Over a Network

                    Originally posted by gforceindustries:
                    I agree with you that somebody higher up than me needs *access* to the passwords, but I certainly wouldn't just give them to the boss.
                    Fair enough. That's actually what I do. I create a KeePass file with a good master password and store the passwords in there. I then reveal the master password to the appropriate people. This allows for a few good possibilities:

                    1) I can then change every password on every device and admin account from the single "Uber Password" that they've used for everything in the organization to a unique password for everything.
                    2) If I suspect unwanted password usage I can change the password, document the change and then monitor the file to see who accesses it and impugn the guilty parties.

                    As you can tell, this is a system only fit for small to medium sized organizations. So, Kesshin, make sure to change the passwords for these network devices just in case. You may be surprised to find out who knew the passwords to the firewall (or the Domain Admin account, as was the case in one of my workplaces).
                    Wesley David


                    • #11
                      Re: Tactics for Taking Over a Network

                      Originally posted by Nonapeptide:
                      You may be surprised to find out who knew the passwords to the firewall (or the Domain Admin account, as was the case in one of my workplaces).
                      We had some software running that required the user to be a local administrator. Not quite understanding the difference, the previous sysad made them domain admins. Luckily for us they were about as bright as a 5W bulb with an unreliable and intermittent power supply.
                      Gareth Howells



                      • #12
                        Re: Tactics for Taking Over a Network

                        Thank you everyone for your insightful comments.

                        I asked whether or not it is okay to run a scan utility like LANsurveyor since some of the network devices are managed by an outsourced data center. Apparently I will have free rein to run network mapping utilities - kind of surprised to be honest, but I guess I shouldn't complain.

                        I had never heard of KeePass - it looks like a nice utility. Currently, the master password list is protected by a WRM (Windows Rights Management) protected MS Word document.

                        Thank you again for your time and advice - I really appreciate it!
