Re: Urgent: Problem associated with NT.Advice required please

From: Zaw Oo (zaw@kcconsultants.com)
Date: 03/18/02


From: Zaw Oo <zaw@kcconsultants.com>
Date: Mon, 18 Mar 2002 20:18:50 +0028

IMHO, depends on several factors.

1. How good the infiltrator(s) is(are). Insider / External?
2. How bad he/she/they want in.
3. How valuable it (what they're after) is. Is it worth the time?
4. How careful/careless skillful/clueless or lazy the admin is.

Maybe the logs got rotated. Not a lot of people bother with
backing up the logs.

I personally have seen clients get compromised without knowing
for over 1 year! And of course (they didn't know logging is even
an option).

Stating that something can't be done because it has never
happened to anybody is not good logic.

All it takes is (devious) motivated mind(s) and a big prize
(financial, ego, revenge).

Certainly hope that helps.

--
Zaw Oo, MCSE, CCNA, A+, Network+
Senior Consultant
KC Consulting Group Inc.
http://www.kcconsultants.com

Andy Franklin wrote:

> Look, I'm not a techie and I need to know whether something is
> possible or not. First I will give some detail on the system
> concerned then I will ask a question in regard to that
> system. Thanks. Bear in mind this is a big Public Organisation's
> system I'm talking about.
>
> About System:
>
> The XXXXXXX software environment is based on the Microsoft
> Windows NT Workstation network operating system and Microsoft
> Office applications for the desktops, and Microsoft Windows NT
> and Microsoft Back Office suite for the servers. The
> department's custom-built applications run inside the Microsoft
> Internet Explorer browser, which is driven by a Microsoft IIS
> Server on the back end. The department also uses Oracle and
> Microsoft SQL Server 7.0 as the corporate databases, and
> continues to connect to legacy systems to handle certain
> dedicated functions.
>
> The XXXXXXX network encompasses a head office station, six
> 24-hour other offices, and more than 20 area offices as well as
> mobile units. In addition to a team of Compaq ProSigniaTM and
> ProLiantTM servers used for messaging, printing and data
> warehouse functions, the department also chose to standardize
> on Compaq DeskProTM 2000 PCs. These PCs offer "Best In Class"
> desktop management functionality through innovative features
> such as Compaq Intelligent Manageability. Compaq ProLiantTM
> 7000 servers min. 3x4.3 GB hard drive with RAID 1, RAID 5 and
> integrated backup Dual 200 MHz Intel Pentium Pro processors
> 1GB RAM
> Compaq ProLiantTM 2500 and ProSigniaTM 850R servers
> 3X4.3 GB and 4X4.3 GB
> Dual 200 MHz Pentium Pro processors
> 128 MB and 512 MB RAM
> Compaq Insight Manager
>
> Compaq DeskProTM PCs
> 32 MB RAM
> 2.1 GB HDD
> P200 MMX processor
> Compaq Intelligent Manageability
> Compaq Insight Manager
> Microsoft Back Office
> Microsoft SQL Server
> Microsoft IIS Server,
> SMS Server
> Microsoft Exchange Server
>
> Question: bearing in mind this system is accessed by
> hundreds of persons every day. Would it be possible
> for someone to delete the Population Monitor List
> (i.e. the list of all persons entitled to access etc)
> and that not to be discovered for 3 months? I.e. they had
> no record of who accessed the system or for what for 3 months
> ?? Possible, or fiction?
>
> Thanks
> Andy


