Re: Increasing security from student PCs

From: "Mark Randall" <markyr[mmmspam]@thatgmailthing.com>
Date: Thu, 24 May 2007 21:29:42 +0100

In my opinion, once a username and password is compromised then its game over as any use of it will become a genuinely authenticated user. Would every single staff computer always be physically protected?

Deploy smartcards.

- Mark

"Dave Fitton" <DaveFitton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:82137CB2-E686-451A-AE8D-7F04967C4BE9@xxxxxxxxxxxxxxxx

We are currently reviewing security on our college IT Network.

We operate a single Active Directory domain and give access to various
resources on the network using AD groups.

Being a college we have both student and staff users with appropriate rights
to fileshares, databases etc

We are particularly concerned with a scenario where a student gets hold of a
staff username and password.

As students only have access to the network from student PCs in classrooms
we would like to be able to limit the network resources 'visible' from
student classrooms.

Any information on this would be helpful

Thanks

Dave

Prev by Date: Re: Problems with Automatic Updates
Next by Date: Re: Unknown Process/Service: eventm (Event Manager)
Previous by thread: Re: Problems with Automatic Updates
Next by thread: Re: Increasing security from student PCs
Index(es):
- Date
- Thread

Relevant Pages

Best way to move user and computer accounts to new child domain?
... Until now the network has been very simple with a single Active ... Directory domain server and a number of client computers running Win ... in the student net and preferably have some kind of access to their accounts ... administrative/teacher net as their main network where they will develop new ...
(microsoft.public.windows.server.general)
Re: Best attack strategy for a Red Team?
... server, and a linux based DNS server. ... systems the target network has. ... with the student teams explaining the areas they were weak and strong ... the red team is busy attacking these services ...
(Pen-Test)
Re: AD forest layout recommendations
... we are implementing separate network level ... > protections in order to directly address security issues. ... > from student machines. ... >> A) GCs will authenticate for any domain in the forest, ...
(microsoft.public.windows.server.active_directory)
Re: School district and creative way to handle student passwords ?
... anyone who can get physical access to a DC (let alone *all* DCs ... access or exposure is automatically the same for all machines on that network. ... > paid head of ICT (hey I was a student there at the time). ... The reason I keep harping about the "separate forests, ...
(microsoft.public.security)
Re: strange windows behaviour.
... we've been having student windows ... > machines on our residential network begin spewing large, ... We promptly disconnect the machines and head down to do some ... Grokster. ...
(Incidents)