Re: Avoid Administrator password hacking ????

From: serge calderara (sergecalderara_at_discussions.microsoft.com)
Date: 07/01/05


Date: Fri, 1 Jul 2005 04:46:03 -0700

Hi,

First of all, the fact of not allowing my customers to update anything is
simply linked to the simple developer situation that always occurs when a new
version arrives: DLL of HELL. And the only way to secure a standard system is
to fix it with a particular version of files.

Now going back to my main issue, I do not want to get a tool that resets the admin
password; I need to know how I can prevent it from being reset with those tools.

serge

"S. Pidgorny <MVP>" wrote:

> G'day,
>
> For certain applications - like ATM code - connectivity that is required to
> pull the patches creates more exposure than just opening (usually) single
> port that is required for the functionality. I was working on a
> configuration for one of those and our baseline was a system with 0 ports
> listening; it's located in an alarmed steel safe and therefore physical
> security is taken care of.
>
> And I love NTpassword. It now lives on my MP3 player - a short doco how to
> do the config is found here:
>
> http://sl.mvps.org/docs/PasswordResetUSBDrive.htm
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
> wrote in message news:enIxJKhfFHA.3936@TK2MSFTNGP14.phx.gbl...
> > Physical access to a box means that you can easily reset the password
> >
> > http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
> >
> > A contract with your client saying 'you void the warranty if you reset
> > the password'
> >
> > However... "no updates?" Sir... I'd be having you sign a contract
> > saying within a reasonable amount of time..say a day or so...that you'd
> > be patching that box. There's no way I'd let a vendor of mine determine
> > my patch status.
> >
> > serge calderara wrote:
> >
> > >Dear all,
> > >
> > >We are deploying to our worldwide customers a set of applications which
> > >is installed on a standard industrial PC (we are delivering the same PC
> > >to all our customers).
> > >
> > >The system needs to be stable and fully functional 24h/day.
> > >For that we have issued a deployment security policy which is as follows:
> > > - Administrator user has been renamed to something else
> > > - our customers can update any program on the system
> > > - our customers cannot install any Windows update
> > > - our customers cannot connect the PC to their company Domain Controller
> > > - Administrator password is known only by us for maintenance purposes
> > >
> > >With these rules in place, we have a really stable and fully tested known
> > >environment.
> > >This is to avoid library conflict as every developer is faced with each time
> > >
> > >Unfortunately, we have some customers who managed to hack the administrator
> > >password either by knowing it or by resetting it.
> > >
> > >As far as I know, tools that can be found on the internet can just reset
> > >the password, or are there some which are able to show passwords in
> > >clear text?
> > >
> > >If this occurs, which procedure can I put in place in order to block my
> > >application if the administrator password is changed?
> > >
> > >Thanks for helping me to solve that issue
> > >regards
> > >serge
> > >
> > >
> > >
> >
> > --
> > An open letter to the Security Community::
> > http://msmvps.com/bradley/archive/2004/12/12/23540.aspx
>
>
>


