Re: Network Admin. Breach



On Jun 10, 8:18 pm, "Al Dunbar" <AlanD...@xxxxxxxxxxxxxxxxxxx> wrote:
<chadpendergr...@xxxxxxxxx> wrote in message

news:29879f80-857b-4dbc-9c38-4d81e70b23d1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jun 10, 4:18 am, "Anthony [MVP]" <anth...@xxxxxxxxxxxx> wrote:

Chad,
The "how" is a big question. I have been looking for something useful for
you on this specific
topic: http://www.microsoft.com/technet/archive/community/columns/security/e...
You should also go through the Windows 2003 Security Guide
Hope that helps,
Anthony, http://www.airdesk.co.uk

"Al Dunbar" <AlanD...@xxxxxxxxxxxxxxxxxxx> wrote in message

news:%23NnKKvqyIHA.1772@xxxxxxxxxxxxxxxxxxxxxxx

<big snip>

/Al

Thanks for all the info, guys. I'm looking at this from a hacker point
of view. A White Hat Hacker, that is. I can apply patches, and I can
run "canned" programs, and be pretty good at security. But I do
remember this White Hat I ran into years ago. The guy ran his own
consulting business, and did quite well for himself. He understood the
rudiments of each attack.

==> ah, yes, if you want to be a security consultant, then the more you know
of the techniques, the more marketable you will be...

I sacrificed my Linux box to him, and he performed a buffer overflow
and took root. He did it in under 5 minutes! He explained to me the
attack, but at the time it was a little beyond me.

But my approach to network security is similar to his.....I look at
how I could attack the system. And whenever an employee leaves I try
to imagine how he or she could get in....what methods they could use,
etc.

==> I agree. But whether or not their still knowing the admin password to
some relatively insignificant system in your network is something they could
use to attack your entire infrastructure should be a moot point: they have
no business knowing any of your sensitive passwords. Given that there is no
business case for them to know passwords, it behooves the company to take
that away from them, just on principle, and regardless of whether or not
that knowledge could somehow be used against you.

I've worked with network integrators, and I've heard them tell clients
that their systems are secure. They'll say "Well, maybe so and so can
remote in, but their account has no privs. to do anything." I've
demonstrated that using an account with no privs. I can still delete
information by using some seemingly harmless programs.

==> you are right to be skeptical of claims of a system being secure,
because, quite frankly, we always seem to be playing catchup, and nothing is
ever 100% secure.

Now I am by no means a hacker. I have a great imagination, but I lack
the intelligence to be at a White Hat's level. But in my opinion, and
I could be offbase here, the REALLY good guys know how an attack will
occur, and why a certain precaution is taken to defend against the
attack. But I agree that in the real world you don't need to be at
this level just to defend a system.  But man....it can be pretty fun!!!

==> Agreed. We now seem to be pretty much on the same page.

/Al

Do you believe that eventually network administrators will have to
sign some ethics agreement, or have extensive background checks? When
I was coming up in IT I worked for a company that knew very little
about computers. I was really good at desktops having done tech
support for Compaq. When it came to servers and networks I was really
green. Anyway, they gave me full control of the entire IT
infrastructure. It was a great learning experience, but I did make
quite a few mistakes learning.

What struck me was how powerful the position was. I had access to
everything, and yet if I quit or got fired nothing could be done to
restrict my access. My personal policy is that whether I get fired or
not a company's info. is confidential. When I left that company I
created a document for the next IT guy calling to his attention any
user names and passwords he should change. I even made sure that the
Ebay and Paypal accounts we used for purchases had their passwords
changed. (I also didn't want to be blamed if someone compromised the
accounts. If the passwords were changed, then I couldn't be held
responsible).

However, a lot of people aren't what they seem to be. I think the days
of just hiring someone to "fix the computers" will end in the near
future. We're going to end up having background checks, signing
agreements, etc.
