Re: Protection from Hackers

From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 11/30/02


From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com>
Date: Fri, 29 Nov 2002 23:59:22 -0500

Agreed. Additionally, using the SYSKEY command to either require a password
or a floppy disk at boot time might help mitigate this problem.

[I would imagine that renaming or deleting the SAM file would still reset
all the passwords, but then you could also use a free or not free encryption
program to encrypt the hard drive to try to prevent this from happening.
Encrypting the hard drive is what you'd need to do if you really wanted to
protect your hard drive from an intruder that had physical access to your
computer anyways.]

Additionally, you could monitor your computers to detect changes to the
local accounts. Joining the computers to a Windows domain also helps
protect the accounts in the domain from this sort of attack [though the
local administrator account is still vulnerable]. Using NTFS format on your
hard drives is also generally a good thing to do.

Search www.microsoft.com/support for SYSKEY to find out more information
about syskey, and http://securityadmin.info/faq.htm#encryption for lists of
encryption programs.

AFAIK, Linux / Unix / BSD are also vulnerable to this sort of attack. This
attack on either Windows or *nix is trivial because you don't necessarily
need to be able to crack the hash, just delete or insert an account.

"Dennis Houchin" <Dennis@_NOSPAM_adhocis.com> wrote in message
news:u8KSRa#lCHA.2064@tkmsftngp07...
> Hi Carl,
>
> In order to successfully accomplish this, the 'attacker' has to have
> physical access to the system. You protect against this sort of attack by
> denying physical access. Lock the server, lock the server room, use logs
> and other measures to monitor and control access to the room.
>
> The bottom line is that once your attacker has physical access, any other
> protection measures are essentially nullified.
>
> Dennis Houchin
>
> In news:#XBtFt9lCHA.1324@tkmsftngp04,
> Carl Hilton <noone@nospam.com> typed:
> > I saw a demo of a bootable floppy that launched into LINUX then the
> > user was able to reset the Administrator Password on the NT boot
> > drive. Now I know that one aspect of NT security is to rename the
> > Administrator account, but this program showed ALL accounts and you
> > could select which to change.... How can we protect ourselves from
> > this type of breach?
> >
> > Carl
>
>
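
One way to do the local-account monitoring suggested in the reply above, as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1 or later for the Get-LocalUser and Get-LocalGroupMember cmdlets; the baseline path is hypothetical.

```powershell
# Added example. Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts).
# $BaselinePath is a hypothetical location; keep the baseline off the monitored
# disk, since someone who can edit the SAM offline can edit a local baseline too.
param(
    [string]$BaselinePath = '\\fileserver\baselines\local-accounts.xml',  # hypothetical
    [switch]$SaveBaseline
)

function Get-AccountSnapshot {
    # Members of the built-in Administrators group, looked up by well-known SID
    # so that a renamed group or account does not hide anything.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.SID.Value })
    Get-LocalUser | ForEach-Object {
        [pscustomobject]@{
            SID             = $_.SID.Value
            Name            = $_.Name
            Enabled         = $_.Enabled
            PasswordLastSet = $_.PasswordLastSet
            IsAdmin         = $admins -contains $_.SID.Value
        }
    }
}

$current = @(Get-AccountSnapshot)
if ($SaveBaseline) {
    $current | Export-Clixml -Path $BaselinePath
    return
}

$baseline = @(Import-Clixml -Path $BaselinePath)
$props = 'Name', 'Enabled', 'PasswordLastSet', 'IsAdmin'

foreach ($acct in $current) {
    $old = $baseline | Where-Object SID -eq $acct.SID
    if (-not $old) { Write-Warning "New account: $($acct.Name) ($($acct.SID))"; continue }
    foreach ($p in $props) {
        if ($old.$p -ne $acct.$p) {
            Write-Warning "$($acct.Name): $p changed from '$($old.$p)' to '$($acct.$p)'"
        }
    }
}
foreach ($old in $baseline) {
    if ($current.SID -notcontains $old.SID) {
        Write-Warning "Account removed: $($old.Name) ($($old.SID))"
    }
}
```

Run it once with -SaveBaseline on a known-good system, then on a schedule without the switch. It reports only differences in the listed properties, so a password reset that leaves PasswordLastSet untouched will not show up.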


