Possible inside security breach
From: G. Lentz (anonymous_at_discussions.microsoft.com)
Date: 08/28/04
- Next message: Paul Adare - MVP - Microsoft Virtual PC: "Re: Possible inside security breach"
- Previous message: Roger Abell: "Re: Oodles of 529 Logon Failures every 2:00 AM"
- Next in thread: Paul Adare - MVP - Microsoft Virtual PC: "Re: Possible inside security breach"
- Reply: Paul Adare - MVP - Microsoft Virtual PC: "Re: Possible inside security breach"
- Reply: Steven L Umbach: "Re: Possible inside security breach"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 28 Aug 2004 02:09:21 -0700
I have a strange situation that I really just need
clarification on so here goes.
I am an IT consultant for a company that has remote users
who connect via a VPN. One user, a recent contract
(potientially to be an employee) needed access to the
shared files/folders and e-mail. I gave him the
instruction on setting up the VPN on his home PC and was
going to get back to him on setting up the remaining
items (I work for other clients also) later. Instead of
waiting he and a friend logged onto the client's network
via the VPN and using their own words, "hacked and
guessed around about some things" so they could add his
PC to the domain and give him access to what he needed!
There are only two accounts on the domain that have
Administrator rights and his was neither. When I
questioned the user on this, suffice to say the friend
did all the work and he knows nothing. What really
puzzles me is that the client pricipal seems to think
nothing of this?!? He basically said well I guess you
have some competition.
Anyway my questions are:
1) I need to clarify that only an account with
Administrative privilages can create new user and
computer accounts in an AD domain?
2) Any possible ideas on how the hell they could have
done this? Don't need specifics, just could/can it be
done? I understand by the user having VPN access to the
network he basically had a key so to speak, allowing them
to bypass the normal things that discourage external
attacks (i.e firewalls).
I am going to try and speak to the client principla that
if they circumvented network security, then his network
is basically open at this point. Unfortunetely the
pricipal is high on this person and their abilities so I
may be creating an acrimonius situation by bringin it up.
My thinking is I don't want to be blamed for something
down the line as I feel I no longer have control over the
network. Thanks.
- Next message: Paul Adare - MVP - Microsoft Virtual PC: "Re: Possible inside security breach"
- Previous message: Roger Abell: "Re: Oodles of 529 Logon Failures every 2:00 AM"
- Next in thread: Paul Adare - MVP - Microsoft Virtual PC: "Re: Possible inside security breach"
- Reply: Paul Adare - MVP - Microsoft Virtual PC: "Re: Possible inside security breach"
- Reply: Steven L Umbach: "Re: Possible inside security breach"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
