Re: network security suggestions needed

From: Microsoft Newsgroups (clarence@lanicu.com)
Date: 10/10/02 

From: "Microsoft Newsgroups" <clarence@lanicu.com>
Date: Wed, 9 Oct 2002 17:15:29 -0700

You could you this tool avoid brute froce attacks.
I think we have something you may have interest in seeing. If so, please
contact me if this looks like something you want see or you may go to our
web site and download this tool:

(Please use 'Clarence' when indicating how you were referred to our site.)

*******IMPORTANT USER MANAGER PRO - ADD-ON ** RANDOM PASSWORD
GENERATOR**********

Administrators should change the built-in administrator password on all of
their workstations at regular intervals. The common local machine
administrator passwords should be changed immediately when there is turnover
in the pool of network administrators. The password should also be changed
regularly to mitigate the possibility that one or more users may attempt to
covertly crack the local administrator password on their machine using tools
such as L0phtCrack. If all administrator passwords are the same (this is
the common scenario), then a cracked local administrator password allows
unrestricted administrator access to all machines using peer-to-peer
authentication.

If the local administrator password is common to all machines, but is
changed regularly and is cryptographically complex, then brute force
password cracking tools will take longer to crack the password than the
interval between password changes. In that case, cracking passwords is a
useless exercise. If the administrator fails to change the passwords
frequently enough, or uses passwords for the common account that are too
simple, then it would be possible to successfully crack the password and
gain unauthorized access.

The goal of this add-on is to make each machine's administrator password
different. By doing so, cracking a single password does not grant access to
all other machines. The module allows the password to be made as complex as
desired and takes care of the periodic changes without administrator
intervention. If it is desired to get the current password for a specific
machine, a built-in encrypted password recovery database can be maintained
by the program. Reporting on successful password change date and time is
also provided.

USER MANAGER PRO

What do you do when one of your domain administrators leaves the company
(not on the best of terms) and you have to change the local admin passwords
on all your machines as quickly as possible? You can open up User Manager
Pro, highlight the systems you'd like to change, set the password, hit apply
and boom, the change is done to all your systems and now you can move on.
Change 500 systems in minutes and move on to other

pressing tasks.

User Manager Pro has other impressive local machine mass management
capabilities. Instantly manage groups, memberships, rights, policies,
auditing and registry changes in just a few moments. User Manager Pro is
easier, faster and more reliable than group policies or script based
solutions. User Manager Pro is the perfect addition for administrators
using Microsoft SMS. User Manager Pro has extensive local machine reporting,
IP subnet scanning and more. Operations can be completed immediately or
scheduled to occur at specific times. Off-line machines are automatically
retried without operator intervention.

Clarence McDowell

Lieberman & Associates

Microsoft Gold Certified Tools for Windows NT/2000/XP Administrators

9107 Wilshire Blvd Ste 450

Beverly Hills CA 90210

P (01)310-550-8575 F (01)310-550-1152 www.lanicu.com

,./

"Altan" <nalta27_nospam@yahoo.com> wrote in message
news:af2d01c26faa$17b5a960$35ef2ecf@TKMSFTNGXA11...
> My Network:
> 2 Windows 2000 DC's, 50 client workstation (40 Win2k, 10
> Win98), VelociRaptor Firewall, 3 hubs, CAT 5, DSL
> connection, Gateway 192.168.1.1 (DSL out), POP3 email
> server at DSL company, Norton Antivirus Corporate Edition
> 7.x.
>
> The 2 DC's are used as File, Print, and Name servers to
> all departments.
>
> I need to configure the finance department w/ the most
> secure configuration that I can. The 10 workstations in
> the finance department are Win2k, TCP/IP.
> The Finance Department requires; internet access, a
> file/print/name server, and connection to the POP 3 email
> server at the DSL company.
>
> I am open to any suggestions that you may have
>

Relevant Pages

  • Re: Is complete home security possible?
    ... >> than an administrator level account, I will an error message on FS98, ... I have a clean disk image made from Norton Ghost, ... >> and I regularly ghost my machines once a month. ... Well, I keep important files on a second hard disk in the NAT Box, ...
    (comp.security.firewalls)
  • Re: Admin Password change causes problem ?
    ... security of other network attached machines. ... > This is not a Domain, just a group of machines set up as workgroup ... how many had a login with Administrator ...
    (microsoft.public.win2000.security)
  • Re: remote shutdown
    ... Remote computer is on peer network, and I can ping the remote ... Those should work great - if you are a system administrator of the ... Two machines in a workgroup. ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: Pulling hair out - and there aint much left
    ... remote services are not running or disabled on the target machines ... you have no local administrator rights (since you have not described your ... if the machines came pre-configured way back when and do not conform to ... > and am presented with a dialog for a logon. ...
    (microsoft.public.win2000.networking)
  • Re: SID
    ... Assuming you used the local Administrator account to join the PC ... We chose to rebuild the server. ... When we rebooted these machines all ...
    (microsoft.public.windows.server.sbs)