Re: Is it safe to use social securty number as intranet username? (long)

From: Barry Margolin (barmar@genuity.net)
Date: 05/17/02

• Next message: Barry Margolin: "Re: SSH vs. Dialup security"
• Previous message: adrn@remove-for-email.netaxs.com: "Re: ensuring total security"
• In reply to: MARK BURGGRAF: "Re: Is it safe to use social securty number as intranet username? (long)"
• Next in thread: Mathias Grimmberger: "Re: Is it safe to use social securty number as intranet username? (long)"
• Reply: Mathias Grimmberger: "Re: Is it safe to use social securty number as intranet username? (long)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Barry Margolin <barmar@genuity.net>
Date: Fri, 17 May 2002 15:08:07 GMT

In article <OAYE8.6474$v23.189769982@newssvr17.news.prodigy.com>,
MARK BURGGRAF <mburggra1@prodigy.net> wrote:
>Mathias Grimmberger <mgri@zaphod.sax.de> wrote in message
>news:m3adqzsurg.fsf@zaphod.sax.de...
>> > How would the coffee boy get access to the internal database of the
>> > intranet server?
>
>Easy. In most cases now-a-days he doesn't even need to be an employee. Our
>company uses a 'wire-less' intra-net in addition to the traditional
>'hardwire'. This accomodates laptops, etc. I've written several memo's
>with step by step instructions on how some one could sit in our parking lot
>and hack into our net-work. I've offered a demonstation...

Access to the network is not the same as access to the internal database of
the server. If the machine is properly secured, people with access to the
network should only be able to access their own accounts.

If people can hack into servers with important data on it, then you have a
far bigger problem.

-- 
Barry Margolin, barmar@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

---

• Next message: Barry Margolin: "Re: SSH vs. Dialup security"
• Previous message: adrn@remove-for-email.netaxs.com: "Re: ensuring total security"
• In reply to: MARK BURGGRAF: "Re: Is it safe to use social securty number as intranet username? (long)"
• Next in thread: Mathias Grimmberger: "Re: Is it safe to use social securty number as intranet username? (long)"
• Reply: Mathias Grimmberger: "Re: Is it safe to use social securty number as intranet username? (long)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Would you put web-server on the same machine as your company internal database? ... On Behalf Of Apollo at Carmel Music & Entertainment ... > moving everything into one server and doing RAID1 on it. ... > John Dangler wrote: ... (Fedora) RE: Would you put web-server on the same machine as your company internal database? ... If your're leaving, and the job is _really_ a part-time effort, why don't ... moving everything into one server and doing RAID1 on it. ... John Dangler wrote: ... (Fedora) Re: Is it safe to use social securty number as intranet username? (long) ... >>> How would the coffee boy get access to the internal database of the ... >>> intranet server? ... >and hack into our net-work. ... network should only be able to access their own accounts. ... (comp.security.firewalls) Re: Is it safe to use social securty number as intranet username? (long) ... >>> How would the coffee boy get access to the internal database of the ... >>> intranet server? ... >and hack into our net-work. ... network should only be able to access their own accounts. ... (comp.security.firewalls) Re: Is it safe to use social securty number as intranet username? (long) ... >>> How would the coffee boy get access to the internal database of the ... >>> intranet server? ... >and hack into our net-work. ... network should only be able to access their own accounts. ... (comp.security.misc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)