Re: Network Security

From: null (null_at_pc.net)
Date: 07/14/03


Date: Mon, 14 Jul 2003 09:26:45 -0400


R Martins wrote:
> To Microsoft Support Centre
>
> A very serious security issue has arisen in the place
> where I work, concerning an employee. In Feb a computer was
> allocated to a CEO in my department and it was given a
> network ID name "Win2kPC01". 4 months later, due to
> network problems, my company invited 2 senior staff to
> analyse our current Network Infrastructure, which was
> really an internal audit, and they have noted that the CEO
> Computer name has been changed. Disturbingly, it was
> changed to an offensive name.
>
> An investigation has been conducted, following a look-up
> on the log files located in the Event Viewer we have
> noticed that log files are no longer there, which tells
> that the perpetrators have deleted the log files after
> renaming the computer.
>
> I would be grateful if you could advise me on how to recover the
> lost/deleted log files since February so we can find the
> responsible perpetrator who logged in and changed the
> computer name to such
>
> Many thanks
>
> R Martins
> Systems Manager
> rachydmartins@aol.co.uk
>

Sounds to me like much ado about nothing. What you really need is to
improve your security so this can't happen in the first place.

-- 
-the small one
All postings carry no guarantee or warranty, expressed or implied. 
Proceed at your own risk, and perform system and data backups prior to 
making changes to your system, and on a regular basis, to protect your 
system.

