One of our customers was having intermittent Voice over IP quality issues along with credit card processing issues. After several hours of working with the various outside service providers, and a modem replacement, we were convinced that a network device was going bad and perhaps putting bad packets on the LAN.
We went on site with an armful of replacement gear, phones, and switches and started our review. We noticed two new security cameras that were not on our plan or diagram and began to trace the cables. We found them plugged into a switch that was not in the network diagram either. After further review, we concluded that the internet was also connected to this switch and from there into the firewall.
Well, if you’re following along at this point, you may realize that this looks like a Man in the Middle setup, whereby something, hardware or software, has all your internet traffic running through it. This is something you would NOT like to see when the customer is a business that has credit card data running through that device.
What was puzzling about this setup was that a well-known security company installed these cameras. They must have seen the notes on the existing network switches not to connect ANYTHING to those ports, so they just “tapped in.” The other puzzling part was that there was a “managed firewall” provider; why did they not detect that the MAC address on the WAN port was wrong?
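The kind of check the question about the WAN port points at, as an added example (not from the original post or from either vendor): it compares the firewall's WAN-side neighbor table against an inventory and flags a changed gateway MAC or any extra device on a segment that should contain only the modem. The `ip neigh` sample, the interface name `eth0`, the addresses and the inventory are all constructed for illustration.

```python
import re

# Constructed sample of `ip neigh show dev eth0` output from a firewall's
# WAN interface (documentation-range IPs and MACs, not real devices).
SAMPLE_NEIGH = """\
203.0.113.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
203.0.113.40 dev eth0 lladdr 00:00:5e:00:53:aa STALE
203.0.113.41 dev eth0 lladdr 00:00:5E:00:53:AB DELAY
203.0.113.77 dev eth0 FAILED
"""

# Assumed inventory: the modem is the only device expected on the WAN segment.
EXPECTED = {"203.0.113.1": "00:00:5e:00:53:01"}

LINE_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)(?: lladdr (?P<mac>[0-9A-Fa-f:]{17}))?"
)

def parse_neighbors(text, dev):
    """Yield (ip, mac) for entries on `dev` that resolved to a MAC address."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["dev"] == dev and m["mac"]:
            yield m["ip"], m["mac"].lower()

def audit_wan(text, dev, expected):
    """Return (kind, ip, mac) findings for the WAN segment."""
    findings = []
    seen = dict(parse_neighbors(text, dev))
    for ip, mac in expected.items():
        want = mac.lower()
        if ip not in seen:
            findings.append(("missing", ip, want))           # gateway not seen
        elif seen[ip] != want:
            findings.append(("mac-changed", ip, seen[ip]))   # gateway MAC differs
    for ip, mac in seen.items():
        if ip not in expected:
            findings.append(("unexpected-device", ip, mac))  # extra host on WAN
    return findings

if __name__ == "__main__":
    for kind, ip, mac in audit_wan(SAMPLE_NEIGH, "eth0", EXPECTED):
        print(f"{kind:18} {ip:15} {mac}")
```

An unmanaged switch has no address of its own and will not appear in the neighbor table; only devices attached to it that send traffic on the segment do, so this check complements a physical inspection and does not replace it.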
In-depth conversations are needed with the two security vendors to prevent future problems; this particular incident had no long-term issues. Nevertheless, it serves as a lesson learned that without planning and physical security there is NO security.