RE: [fw-wiz] Stanford break in

From: Victor Williams (vbwilliams_at_essvote.net)
Date: 04/23/04

Next message: R. DuFresne: "RE: [fw-wiz] K----'s Waning Security"

Previous message: Paul D. Robertson: "RE: [fw-wiz] Stanford break in"
In reply to: Laura Taylor: "RE: [fw-wiz] Stanford break in"
Next in thread: R. DuFresne: "RE: [fw-wiz] Stanford break in"
Reply: R. DuFresne: "RE: [fw-wiz] Stanford break in"
Reply: Carric Dooley: "RE: [fw-wiz] Stanford break in"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <ltaylor@relevanttechnologies.com>, "'R. DuFresne'" <dufresne@sysinfo.com>, "'Carric Dooley'" <carric@com2usa.com>
Date: Thu, 22 Apr 2004 18:09:56 -0500

I'm still wondering why anyone would put their password file in plain view
of anyone that logs in...but maybe I missed something...

Sticky bits and chmod/chown are your friend. It's a pretty trivial deal to
lock someone in a chmod "jail" on any Unix-like OS current within the last 8
years. They've even got filesystem and directory level ACLs now! My advice
to anyone is "use them...liberally."

Victor Williams
Network Architect, RHCE #809003618508044
Election Systems & Software
http://www.essvote.com <http://www.essvote.com>
vbwilliams@essvote.com
(800) 247-8683

CONFIDENTIALITY NOTICE:
This e-mail transmission and any documents, files or previous e-mail
messages attached to it may contain information that is confidential,
protected by the attorney/client or other privileges, and may constitute
non-public information. It is intended to be conveyed only to the designated
recipient(s) named above. Any unauthorized use, reproduction, forwarding,
distribution or other dissemination of this transmission is strictly
prohibited and may be unlawful. If you are not an intended recipient of this
e-mail transmission, please notify the sender by return e-mail and
permanently delete any record of this transmission. Your cooperation is
appreciated.

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Laura Taylor
Sent: Thursday, April 22, 2004 4:40 PM
To: 'R. DuFresne'; 'Carric Dooley'
Cc: 'Chuck Vose'; firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] Stanford break in

You need some user behavior/rules of engagement policies to deal with users
bringing home password files and cracking them. And they should be enforced.
Laura

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com]On Behalf Of R. DuFresne
Sent: Thursday, April 22, 2004 1:11 PM
To: Carric Dooley
Cc: Chuck Vose; firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Stanford break in

>
> Network synced passwords are the only way to manage a large number of
> users. If you have 10 workstations and 1 server, it might be fine to
> have no network directory, but with 300,000 users, I would say it's
> impossible. I would consider: LDAP, NDS, AD, SecureID, RADIUS, TACACS.
> (notice the conspicuous absence of NIS, and I wanted to leave out AD,
> but it seems to be unavoidable these days.
>

HP made this usless, unless they have finally enabled a shadow setup in new
versions of the OS. We played the single sing-on game at nortel, and played
with password cracking and all that, but, since 80% of the servers were hp's
and they lacked any seperation of passwords from the required /etc/passwd
file, users wanting to up their privs on a system just took copies of the
/etc/passwd file home and cracked to the point they felt they needed. And
our CISSP's spent alot of time putting together all these metrics on strong
passwords and how effective they were making security of the network,
without facing the reality of the 80% exposure faced. HP folks a few years
ago hinted that HP was going to change theit OS to include shadow password
implimentations, but, I've long since moved on and these days don;t have to
play on much but SUN's and AIX systems, so I do not know if they have
something beside the horrid TCB that would break most interal apps for
companies and require alot of retrofitting.

Thanks,

Ron DuFresne

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!
_______________________________________________
firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: R. DuFresne: "RE: [fw-wiz] K----'s Waning Security"

Previous message: Paul D. Robertson: "RE: [fw-wiz] Stanford break in"
In reply to: Laura Taylor: "RE: [fw-wiz] Stanford break in"
Next in thread: R. DuFresne: "RE: [fw-wiz] Stanford break in"
Reply: R. DuFresne: "RE: [fw-wiz] Stanford break in"
Reply: Carric Dooley: "RE: [fw-wiz] Stanford break in"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]