Re: users locked out spontaneously...

From: Patrick M. Ring (cyclops@)
Date: 11/01/02


From: "Patrick M. Ring" <cyclops@<nospam>louisianawebhost.com>
Date: Fri, 1 Nov 2002 08:15:34 -0600


I have the Symantec NAV Corporate (7.6) for my virus protection... it
updates daily (if updates are available) and the day before I posted, I did
turn on all auditing of login events and I am auditing any failure event now
(for all possible events).

I'm on SP2 with most Hotfixes in place. SP3 has some questions of a
security breach in it (put there by MS) that I discovered at a client's
network (medical management company).

Though it's somewhat of a lessening of security, I did put a :30 min reset
on the account lockout (mainly because I can't always be there to unlock
(nor can my small staff)), so I don't get so many phone calls.
If there's more I should do, I'm always open to suggestion.

Thank you,
Patrick M. Ring
Louisiana Web Host, LLC.
cyclops@louisiana<nospam>webhost.com
=====================================

"Daniel Angelucci" <angelucc@nospam.duke.edu> wrote in message
news:3DC13589.4090601@nospam.duke.edu...
> If you set security auditing for logon events, you can see what is
> locking out the accounts. Search for event 644. Unfortunately, if you
> don't have security auditing on, you will need to wait for it to happen
> again to see what is going on.
>
> There are worms out there that do exactly what you are describing. So,
> I second the 'update your virus software' suggestion heartily.
>
> Dan
>
> CRH wrote:
> >>I run a small web hosting and presence provision company. Our servers are
> >>Windows 2000 (sp2) and we have separate servers running DNS, IIS (5),
> >>Exchange (5.5sp4), etc. The domain model basically has one "PDC" (or
> >>active directory equivalent) with the others getting the replicated
> >>security, AD, and DNS information.
> >>
> >>The problem is this: Twice now, I have had instances where not just one
> >>or two, but ALL users are for no apparent reason locked out of their
> >>accounts (Win2K).
> >
> >
> > Hmmm...........
> >
> >
> >>Is it possible that someone has hacked far enough to get the usernames of
> >>the accounts?
> >
> >
> > Yes.
> >
> >
> >>What is possibly happening? Are there any articles or security measures I
> >>might be missing?
> >>
> >>>>I have tried to take as much into account as possible, but these holes
> >>>>are discovered daily....
> >>>
> >
> > Make sure all your patches and anti-virus software are current.
> > Go here often: http://www.microsoft.com/technet/security/default.asp
> >
> > Be wary of disgruntled employees, esp. in IT.
> >
> > --
> > Ciao,
> > CRH 8^)>
> >
>
>
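
As an added example (not part of the thread or anyone's posted code): once event 644 records are being collected as suggested above, a script like this can show whether one machine locked out many accounts in a short burst. The comma-separated export layout and the sample rows are constructed for illustration, and the caller value is assumed to come from the event's Caller Machine Name field.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows (not from the thread): time, event ID,
# locked-out account, caller machine name (assumed export layout).
SAMPLE_EVENTS = """\
2002-10-30 02:14:05,644,alice,WEB03
2002-10-30 02:14:06,644,bob,WEB03
2002-10-30 02:14:06,644,carol,WEB03
2002-10-30 02:14:08,644,dave,WEB03
2002-10-30 02:14:09,529,erin,WEB03
2002-10-30 09:41:52,644,frank,DESK17
2002-10-30 16:03:10,644,frank,DESK17
"""

def parse(text):
    """Yield (timestamp, account, caller) for event 644 rows only."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4 or parts[1] != "644":
            continue  # skip malformed rows and other event IDs
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # skip rows with an unreadable timestamp
        yield ts, parts[2].lower(), parts[3].upper()

def mass_lockouts(text, window=timedelta(minutes=5), min_accounts=3):
    """Map each caller to the accounts it locked out, if at least
    min_accounts distinct accounts fell inside one sliding window."""
    by_caller = defaultdict(list)
    for ts, account, caller in parse(text):
        by_caller[caller].append((ts, account))
    flagged = {}
    for caller, events in by_caller.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            accounts = {a for _, a in events[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(caller, set()).update(accounts)
    return {c: sorted(a) for c, a in flagged.items()}

if __name__ == "__main__":
    for caller, accounts in mass_lockouts(SAMPLE_EVENTS).items():
        print(f"{caller}: {len(accounts)} accounts locked out: {accounts}")
```

A single caller locking out many distinct accounts within minutes points at an automated source on that machine, while repeated lockouts of one account look more like a stale stored password.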


