Open Source and information security mailing list archives
Date: Fri, 23 May 2008 17:00:52 -0500
From: "Michael Krymson" <krymson@...il.com>
To: "Daniel Sichel" <daniels@...derosatel.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Thank you for help with management.

I wonder if anyone else on this forum supports Cisco VOIP servers? Do you
think you manage those? :) What about edge routers managed by your network
service provider?

This is not as outlandish a request as it sounds, and my point with that
is to illustrate that this does happen.
Before you possibly dig yourself a hole with your manager and/or business
folks, sincerely ask them what they are trying to do. This may just be a
"business" (read: naive) solution to some need they have, which can be met
far easier by you. Maybe this can be put on your current file server
solution (if you have one), maybe they didn't think about how people access
this remotely, maybe they didn't think about what to do if someone unplugs
that machine and your team certainly isn't going to support it, right? Who
do you call and who does the calling? Your team will get every bit of initial
troubleshooting for this, so you may as well properly get the facts and get
familiar with the overall project. Will everyone have read/write access, and
if so, what happens when someone deletes what was out there? (If you don't
think it happens, I'll contract out to you for a week and delete it.) And
who manages the permissions?

All of that said, let's say this remains stupid. Put the box on its own
segment and wrap any other security technology around it in a way that it
cannot communicate to anything else nor anything to it outside of your share
process (smb, netbios...), and make sure it has no access to the Internet
nor undue access on your domain. Lock that sucker down and limit your
exposure.

Oh, and if this is holding some executable that is run or used by a process
on user workstations...can just anyone replace it with whatever they feel
like?

If it ever becomes a possibility, you should feel free to fill in more
details on what this server is, or what overall project/app this was for.
Those details certainly provide or hide a lot of context.



On Fri, May 23, 2008 at 4:26 PM, Daniel Sichel <daniels@...derosatel.com>
wrote:

> Thank you to all who responded to my request for how to deal with a non-secure
> server. Responses ranged from lol witty to incisive. I will definitely be
> asking the general manager for a key to his house and I will be requiring a
> release from liability in writing. It was very helpful, thank you all again.
>
>
>
> Daniel Sichel, CCNP, MCSE, MCSA, MCTS (Windows 2008)
>
> Network Engineer
>
> Pwnderosa Telephone (559) 868-6367
>
>
>
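The "own segment, share traffic only, no Internet, no undue domain access" advice above, modelled as an added example that is not part of either poster's message. It encodes the default-deny policy for the boundary of the file server's segment as data, evaluates sample flows against it, and renders the same policy as an nftables forward chain for the gateway in front of the segment. All addresses, the subnet sizes, the single outbound exception and the test flows are constructed placeholders; if the box is domain-joined, the outbound exceptions are where the minimum set of domain-controller ports would be listed explicitly rather than left open.

```python
"""Allow-list model of an isolated file-server segment (added example).

Constructed values throughout: the segment, the user LAN, the server address
and the one outbound exception are illustrative, not from the original post.
"""
import ipaddress
from dataclasses import dataclass

SERVER_SEGMENT = ipaddress.ip_network("10.9.99.0/29")   # constructed
USER_LAN = ipaddress.ip_network("10.0.0.0/16")          # constructed
FILE_SERVER = ipaddress.ip_address("10.9.99.2")         # constructed

# The only services the segment exposes, and only to the user LAN.
SHARE_TCP = (139, 445)        # NetBIOS session, SMB over TCP
SHARE_UDP = (137, 138)        # NetBIOS name/datagram service

# Explicit outbound exceptions the box is allowed to initiate. Constructed
# sample: DNS to one internal resolver. Everything else the server tries to
# reach (Internet included) is dropped.
OUTBOUND_ALLOW = {("10.0.0.10", "udp", 53)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def permitted(flow: Flow) -> bool:
    """Default-deny decision for a new connection crossing the segment boundary."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    ports = SHARE_TCP if flow.proto == "tcp" else SHARE_UDP
    # Inbound: share ports only, from the user LAN only, to the server only.
    if dst == FILE_SERVER and src in USER_LAN:
        return flow.dport in ports
    # Outbound from the segment: only the explicitly listed exceptions.
    if src in SERVER_SEGMENT:
        return (flow.dst, flow.proto, flow.dport) in OUTBOUND_ALLOW
    # Anything else touching the segment (e.g. from the Internet) is dropped.
    return False


def denied(flows):
    """Return the flows the policy would drop, for review before deployment."""
    return [f for f in flows if not permitted(f)]


def render_nftables() -> str:
    """Render the same policy as an nftables forward chain on the gateway."""
    tcp = ", ".join(str(p) for p in SHARE_TCP)
    udp = ", ".join(str(p) for p in SHARE_UDP)
    lines = [
        "table inet share_seg {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        f"    ip saddr {USER_LAN} ip daddr {FILE_SERVER} tcp dport {{ {tcp} }} accept",
        f"    ip saddr {USER_LAN} ip daddr {FILE_SERVER} udp dport {{ {udp} }} accept",
    ]
    for dst, proto, port in sorted(OUTBOUND_ALLOW):
        lines.append(f"    ip saddr {SERVER_SEGMENT} ip daddr {dst} {proto} dport {port} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    sample = [
        Flow("10.0.5.7", "10.9.99.2", "tcp", 445),      # user reaching the share
        Flow("10.0.5.7", "10.9.99.2", "tcp", 3389),     # RDP to the box: dropped
        Flow("203.0.113.5", "10.9.99.2", "tcp", 445),   # SMB from outside: dropped
        Flow("10.9.99.2", "198.51.100.9", "tcp", 443),  # box calling out: dropped
        Flow("10.9.99.2", "10.0.0.10", "udp", 53),      # listed exception: allowed
    ]
    for f in denied(sample):
        print("DROP", f)
    print(render_nftables())
```

The rendered chain carries the same decisions as `permitted()`, so the data-driven list is the thing to review and version, and the nftables text is just its projection. The `policy drop` on the chain is what makes "cannot communicate to anything else nor anything to it" hold by default rather than by enumeration of bad things.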
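On the question of whether anyone can swap out an executable that workstations pull from the share: an added example (not from either poster) of the defender's check, a hash baseline of the executable files on the share compared against the current contents so that a replaced, removed or newly dropped binary shows up before a process runs it. The share layout, file names and contents are constructed inside a temporary directory; the baseline itself must be kept somewhere the share's writers cannot touch, or the check proves nothing.

```python
"""Integrity baseline for executables served from a file share (added example).

Constructed scenario: a temporary directory stands in for the share. The
file names and contents are illustrative only.
"""
import hashlib
import tempfile
from pathlib import Path

# Suffixes treated as executable content worth baselining (constructed list).
EXEC_SUFFIXES = (".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".msi")


def sha256_file(path: Path) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(share_root: Path) -> dict:
    """Map each executable's share-relative path to its SHA-256 (the baseline)."""
    manifest = {}
    for p in sorted(share_root.rglob("*")):
        if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES:
            manifest[p.relative_to(share_root).as_posix()] = sha256_file(p)
    return manifest


def verify_share(share_root: Path, baseline: dict) -> dict:
    """Compare the share against the baseline and classify every difference."""
    current = build_manifest(share_root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "unexpected": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Baseline a constructed share, tamper with it, and report the findings."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "tools").mkdir()
        (root / "tools" / "report.exe").write_bytes(b"MZ original build")   # constructed
        (root / "tools" / "lib.dll").write_bytes(b"MZ shared library")      # constructed
        (root / "readme.txt").write_text("not an executable, not tracked")
        baseline = build_manifest(root)

        # Simulated tampering by a share writer: one binary replaced, one
        # script dropped in, one library deleted.
        (root / "tools" / "report.exe").write_bytes(b"MZ replaced by someone")
        (root / "tools" / "helper.bat").write_text("@echo off")
        (root / "tools" / "lib.dll").unlink()
        return verify_share(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Run on a schedule (or before a deployment process consumes the share), a non-empty `modified` or `unexpected` list is the signal to stop and ask who has write access, which is the permissions question the mail raises. Storing `build_manifest()` output read-only outside the share, or signing it, is what keeps the baseline trustworthy.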

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
