Re: Pen Testing

---

• From: Volker Tanger <vtlists@xxxxxxx>
• Date: Mon, 20 Oct 2008 22:11:53 +0200

---

Hi!

On Mon, 20 Oct 2008 11:33:58 -0400
"Patrick Fitzgerald" <servicepointtest@xxxxxxxxx> wrote:

Is it common that a security company would need rights such as domain
admin rights to perform an audit on the network?

Depends on what you want them to audit.

If you want a software inventory of your windows machines, then having
DomAdmin permissions certainly can help. Otherwise they'd probably have
to distribute agents to the machines or work their way in.

What is the audio focus? Shall they support you doing advanced
administration e.g. by setting/checking GPOs and checking software
versions/licenses and registry settings? Then they probably have a
reason to need DomAdmin permissions.

If you have a different attack scenario e.g. them checking how outside
attackers might find a way in, then the most they could/should get is a
(patched) network plug and maybe an IP address they can use - plus the
obligatory emergency phone numbers and a list of systems *NOT* to test,
of course (ever bluescreened the central file server, anyone?). Then
getting a DomAdmin login probably is the goal, not the preriquisite.


Again: what are they supposed to check?

Simple check: let them explain in detail why they need those logins.
They should be able to show you step by step why and where they need
which permissions. If they can't, then check alternatives.

Bye

Volker

--

Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@xxxxxxx PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

---

• References:
  • Pen Testing
    • From: Patrick Fitzgerald

• Prev by Date: Re: reporting a web site breach
• Next by Date: Re: Security Audit & pen testing fnial report
• Previous by thread: Pen Testing
• Next by thread: Re: Pen Testing
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Permissions (EVERYONE POST TO THIS) ... >Removing Admin rights from your users is the prudent thing to do. ... Or network admins that don't ... Hackers are usually the least of my security worries. ... my boss and all our superiors are aware of the risks ... (microsoft.public.win2000.security) Re: Locking down Mac OSX clients ... > Why are you giving them admin rights if you want to restrict their ... administrators because they product that they support must be installed ... Not to mention there are certain things (i.e. network prefs) that I ... preferences as the user then remove the preference panes. ... (comp.sys.mac.system) Re: Holes in my security - advice needed ... I will be blamed if there is an attack, ... I would do a audit of the information on the network. ... If they don't understand why it is bad,...then how did the company policy ... (microsoft.public.windows.server.networking) RE: network auditing ... I was just reading the thread on the "NASA security Audit" ... Port scan the target network IP. ... (Security-Basics) Re: co-worker spy annoyance ... >>assume that disabling that service did not have the desired effect. ... ensure she doesn't have admin rights on your computer. ... > admin rights she can install and run just about anything. ... complain to your network guys ... (comp.security.misc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)