RE: [fw-wiz] Stanford break in

From: Victor Williams (vbwilliams_at_essvote.net)
Date: 04/23/04

    To: <ltaylor@relevanttechnologies.com>, "'R. DuFresne'" <dufresne@sysinfo.com>, "'Carric Dooley'" <carric@com2usa.com>
    Date: Thu, 22 Apr 2004 18:09:56 -0500
    
    

    I'm still wondering why anyone would put their password file in plain view
    of anyone that logs in...but maybe I missed something...

    Sticky bits and chmod/chown are your friend. It's a pretty trivial deal to
    lock someone in a chmod "jail" on any Unix-like OS current within the last 8
    years. They've even got filesystem and directory level ACLs now! My advice
    to anyone is "use them...liberally."

     
    Victor Williams
    Network Architect, RHCE #809003618508044
    Election Systems & Software
    http://www.essvote.com
    vbwilliams@essvote.com
    (800) 247-8683


    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Laura Taylor
    Sent: Thursday, April 22, 2004 4:40 PM
    To: 'R. DuFresne'; 'Carric Dooley'
    Cc: 'Chuck Vose'; firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] Stanford break in

    You need some user behavior/rules of engagement policies to deal with users
    bringing home password files and cracking them. And they should be enforced.
    Laura

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of R. DuFresne
    Sent: Thursday, April 22, 2004 1:11 PM
    To: Carric Dooley
    Cc: Chuck Vose; firewall-wizards@honor.icsalabs.com
    Subject: Re: [fw-wiz] Stanford break in

    >
    > Network synced passwords are the only way to manage a large number of
    > users. If you have 10 workstations and 1 server, it might be fine to
    > have no network directory, but with 300,000 users, I would say it's
    > impossible. I would consider: LDAP, NDS, AD, SecureID, RADIUS, TACACS.
    > (notice the conspicuous absence of NIS, and I wanted to leave out AD,
    > but it seems to be unavoidable these days.)
    >

    HP made this useless, unless they have finally enabled a shadow setup in new
    versions of the OS. We played the single sign-on game at Nortel, and played
    with password cracking and all that, but, since 80% of the servers were HPs
    and they lacked any separation of passwords from the required /etc/passwd
    file, users wanting to up their privs on a system just took copies of the
    /etc/passwd file home and cracked to the point they felt they needed. And
    our CISSPs spent a lot of time putting together all these metrics on strong
    passwords and how effective they were making security of the network,
    without facing the reality of the 80% exposure faced. HP folks a few years
    ago hinted that HP was going to change their OS to include shadow password
    implementations, but, I've long since moved on and these days don't have to
    play on much but Suns and AIX systems, so I do not know if they have
    something besides the horrid TCB that would break most internal apps for
    companies and require a lot of retrofitting.

    Thanks,

    Ron DuFresne

    --
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!
    _______________________________________________
    firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
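
Added example, not part of any message in this thread: a shell audit for the exposure the thread discusses, password hashes kept in the world-readable passwd file instead of a root-only shadow file. The function names, the 13-character threshold and the sample entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a passwd(5)-format file for exposed password hashes.

# Logins whose field 2 holds hash-like data. After stripping leading lock
# markers (! or *), 13+ characters is treated as a hash (assumption: 13 is
# the length of a traditional DES crypt(3) hash; placeholders are shorter).
exposed_hashes() {
    awk -F: '/^[#+-]/ { next }
        { f = $2; sub(/^[!*]+/, "", f); if (length(f) >= 13) print $1 }' "$1"
}

# Logins with an empty password field (no password required at all).
empty_passwords() {
    awk -F: '/^[#+-]/ { next } NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Succeeds if the "other" read bit is set on the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# One finding per line for the given file.
audit() {
    if world_readable "$1"; then scope="world-readable"; else scope="restricted"; fi
    for u in $(exposed_hashes "$1"); do
        echo "$1 ($scope): password hash stored for $u"
    done
    for u in $(empty_passwords "$1"); do
        echo "$1 ($scope): empty password field for $u"
    done
}

# Constructed sample, not real accounts or hashes: root is shadowed, bob is
# locked, alice and carol carry hash-like strings, dave has no password.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:ab01234567890:1001:100:Alice:/home/alice:/bin/sh
bob:*LK*:1002:100:Bob:/home/bob:/bin/sh
carol:$1$saltsalt$0123456789abcdefghijkl:1003:100:Carol:/home/carol:/bin/sh
dave::1004:100:Dave:/home/dave:/bin/sh
EOF
chmod 644 "$sample"
audit "$sample"
rm -f "$sample"
```

Calling `audit /etc/passwd` on a host runs the same checks against the live file; any "password hash stored" finding on a world-readable file means every local user can copy the hashes.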
    
