Our server in our client’s network – What possible attacks are there?

Çağlar Arlı

I apologise in advance for this question being very sparse in details and sounding rather hypothetical, reasons for this are hopefully explained below. I am not a security expert, but I am in a managerial position and find myself now arguing in defense of extra security measures for this case.

My company is in the process of ingesting data that comes from our clients' sensors and cameras by our network. There are numerous potential clients and all of them have a different network topology. The idea is to have a "data collection" server in the client's network, all the sensors/cameras/devices that we need data from are sending their data to this server. We will remotely connect to this server to download the data to our network.

In between their network and ours is obviously the internet, but also a special (high-level next-generation) firewall set up by our service provider and our own security infrastructure.

The client may also have firewalls and various security methods, but their level of security varies greatly and so does the security knowledge of their staff who operate in their network.

Because their staff and all of the devices in their network are beyond our control, I consider them a risk by default and for this question we can assume they can be compromised by an attacker.

For simplicity's sake, let's assume the data we need comes from web cameras/security cameras.

Let's assume the hypothetical attacker gains a foothold in their network and then proceeds to laterally move in the network and maybe even escalate privileges to the client network's admin level.

I have argued that we need to at least take some steps to logically separate the "data collection" server we need from the rest of their network. These could be setting up a software firewall on the server, changing the admin/user passwords so that they would be different from the rest of the network, and hardening our server in general.

The arguments against this are that the client would be setting up said server in their network and is reluctant to do the extra work and it would not be needed, since our side of the network is quite protected by the service provider's security and our own.

The questions are:

  • What potential attacks do you see an attacker could perform to perform malicious activities in OUR network by compromising the data collection server in their network?
  • Could he for example use the data download/streaming to establish a remote shell/beacon/something else in our network?
  • Is there at least a strong theoretical opportunity to bypass our firewalls, given that we are expecting data from that server anyway?
  • Or am I just wrong to worry and we should go ahead with the integration?

I've attached a purely hypothetical topological example picture that I drew in Packet Tracer, it doesn't depict a real network. The device models don't represent the actual devices. The client side may in reality be a vast network with hundreds of users. Still, hopefully it clarifies the example situation.

[Image: Topological example]