Re: Netowrk Admin. Breach



Chad,
The "how" is a big question. I have been looking for something useful for
you on this specific topic:
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true
You should also go through the Windows 2003 Security Guide
Hope that helps,
Anthony,
http://www.airdesk.co.uk




"Al Dunbar" <AlanDrub@xxxxxxxxxxxxxxxxxxx> wrote in message
news:%23NnKKvqyIHA.1772@xxxxxxxxxxxxxxxxxxxxxxx

<chadpendergrass@xxxxxxxxx> wrote in message
news:6d4dc076-31ff-43ed-a0f3-06baefb694d8@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jun 7, 7:35 pm, "Al Dunbar" <AlanD...@xxxxxxxxxxxxxxxxxxx> wrote:
<chadpendergr...@xxxxxxxxx> wrote in message

news:be936c45-66b6-4b38-b89e-1aee77577616@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jun 7, 2:07 am, "Anthony [MVP]" <anth...@xxxxxxxxxxxx> wrote:

I don't really want to discuss how to do it, but it is easily done,
Anthony, http://www.airdesk.co.uk

<chadpendergr...@xxxxxxxxx> wrote in message

news:0460e10d-9d38-4c89-be1a-3305ce7f2fc5@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jun 6, 1:49 pm, "Anthony [MVP]" <anth...@xxxxxxxxxxxx> wrote:

<snip>

How can I understand the seriousness of the situation if I don't know
what can be done? No offense, but in order to keep a system secure you
need to know areas where it can be exploited, and how.

=========

I understand what you are saying (and why), but I disagree.

If one's ability to keep systems secure is dependent on knowing how to
leverage all of the various possible exploits, then one is limited in
what
one can protect against.

Quite a few of the MS security patches deal with fixing buffer overflow
vulnerabilities through which a hacker "could gain complete control over
your system". I do not need to be able to do this myself, or even know
specifically how someone else might do it in order to protect our systems
against such attacks - all I need to do is apply the security patch.

Similarly in this case it should be enough to know that giving any sort
of
privileged access to any part of your infrastructure by failing to reset
passwords known to a departed admin could potentially open up more than
just
that one part of the infrastructure.

You have already taken this precaution, so, even without knowing how this
could be used against your company, you have shown due diligence.

/Al

You have a valid point, but it's the difference between using a TV and
wanting to know how it works. I'm not content with just knowing that
such and such a patch will protect against a certain kind of attack. I
want to know the type of attack, how to protect against it, and how
the attack is performed. I want to know the nuts and bolts of it.

==================

Yes, it is a bit like the difference between using a TV and wanting to
know how it works. But you can use the TV (or protect the infrastructure)
without that knowledge. That's why this is a *want* rather than a *need*.

The question is: are you only willing to guard against attacks that you
yourself understand the mechanism of, or would you like to also guard
against attacks that you do not understand so well? If being technically
capable of launching an attack was a prerequisite to being able to defend
against it, most organizations would be in real trouble.

Back to what you said earlier: "No offense, but in order to keep a system
secure you need to know areas where it can be exploited, and how." I
disagree with the last two words.


/Al




.



Relevant Pages

  • Re: Netowrk Admin. Breach
    ... but in order to keep a system secure you ... one can protect against. ... You have already taken this precaution, so, even without knowing how this ... such and such a patch will protect against a certain kind of attack. ...
    (microsoft.public.windows.server.security)
  • Re: Firewall security: Re: Problems with simple Samba file share
    ... >>million doesn't change my action of deploying a firewall ONCE. ... They keys can be obtained ... > What I suspect is that you think a special attack will be developed ... the firewall helps protect us. ...
    (comp.os.linux.misc)
  • Re: Netowrk Admin. Breach
    ... one can protect against. ... privileged access to any part of your infrastructure by failing to reset ... such and such a patch will protect against a certain kind of attack. ... Back to what you said earlier: "No offense, but in order to keep a system ...
    (microsoft.public.windows.server.security)
  • Re: Protection from Hackers
    ... protect your hard drive from an intruder that had physical access to your ... protect the accounts in the domain from this sort of attack [though the ... Linux / Unix / BSD are also vulnerable to this sort of attack. ...
    (microsoft.public.win2000.security)
  • Re: Liberal *peaceniks* refuse to see the coming storm
    ... in their power to destroy the effectiveness of America. ... With Bush in power, it's a safe bet that whatever ... protect the American people. ... 1993 attack, what did he do? ...
    (alt.politics.bush)