RE: Disabling Cached Logon Credentials

From: Nick Duda (nduda_at_VistaPrint.com)
Date: 12/30/03

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #169"
    Date: Tue, 30 Dec 2003 15:36:08 -0500
    To: <dwr3ck@hushmail.com>, <focus-ms@securityfocus.com>, <full-disclosure@lists.netsys.com>
    
    

    Even with physical access you (a hacker) want to do what you have to ,
    leave and still be undetected. If a hacker is going to get to a physical
    server only to change the admin password and do some hack (i.e. trojan),
    I would find it silly because when the admin finds out that its not a
    password he supplied, that system is as good as formatted. This is why
    disbaling stuff like autoplay on cd roms is a good idea, and not to just
    lock servers screensavers but rather logout.

    I don't think disbaling cached logons is something to worry about if in
    a secured data center, but merly a common practice for any security
    professional (i.e. do the job right, or don't do it at all, don't
    halfass when it comes to security)

    - Nick
     

    -----Original Message-----
    From: dwr3ck@hushmail.com [mailto:dwr3ck@hushmail.com]
    Sent: Tuesday, December 30, 2003 1:29 PM
    To: focus-ms@securityfocus.com; full-disclosure@lists.netsys.com
    Subject: Disabling Cached Logon Credentials

    Disabling cached logon credentials is on virtually every server
    hardening checklist.

    If you have your servers physically secured in a data center what is the
    real benefit of disabling cached logon credentials?

    Whenever a server is off the network, admins have to obtain the local
    admin password. Depending on how you handle local RID=500 account
    passwords this can add significantly to downtime when resolving issues.

    Does anyone know of a way to exploit cached credentials over the wire?
     

    If someone has physical access to a system they own it anyway:

    http://home.eunet.no/~pnordahl/ntpasswd/

    Concerned about your privacy? Follow this link to get FREE encrypted
    email: https://www.hushmail.com/?l=2

    Free, ultra-private instant messaging with Hush Messenger
    https://www.hushmail.com/services.php?subloc=messenger&l=434

    Promote security and make money with the Hushmail Affiliate Program:
    https://www.hushmail.com/about.php?subloc=affiliate&l=427

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #169"

    Relevant Pages