Open Source and information security mailing list archives
 
From: luca at mihailescu.net (Luca Mihailescu)
Subject: Networking security problem?

I have no idea whatsoever where the problem really is...first of all in
9x land you don't have an admin share ( c$, etc ) so the payroll machine
had the entire c drive shared ( talking about security... ). Dunno if
you have a local domain or using a workgroup in which case you shouldn't
even use the word security in this context.
As for a screen saver password protected to reset the network
connections that's something I haven't seen yet.
Take linux for example and your favorite desktop manager ( ximian for
example ).
Lock the screen and see if you're still able to access the defined samba
shares ( I'm using samba to be in the same windoze like world ) on that
machine. Well, they're still accessible and if you use nt domain auth you
don't need a u/p to connect ( if you are already logged into the domain
).
If the payroll stuff is so sensitive and you guys have a problem w/
disgruntled employees maybe you should install nt/2k on that box and use
ntfs permissions ( much easier to implement if you have a domain ).

Just my 2 penny,
Luca.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of gregh
Sent: Thursday, July 10, 2003 8:56 PM
To: Disclosure Full
Subject: [Full-Disclosure] Networking security problem?

Tested on XP Home and 98SE only.
------------------------------------


I won't make this a real long formal thing as it is quite simple and
rather than make it a bug style report, I am asking for your input.

Scenario:
----------

Last year I was working on a 98SE network problem that turned out to be
a busted NIC. The particular NIC was in a payroll machine with obviously
very sensitive info in it. In order to give some sense of security to
the payroll woman, at some time in the past, someone had set up a screen
saver password that she knew how to change. Eg, resume from screen saver
required typing the password to get any further on the machine to a
novice and as she kept the payroll room door locked anyway, it was
deemed "enough" by management. Unfortunately, though, along came I to
fix a minor problem and to be sure the NIC was responding each way (eg,
it could be seen by the machine in the same office) I installed the NIC,
then went to the other machine to ping it and see if programs were
working OK. Normal routine. Prior to me getting to the other machine,
she had questions and we spent 10 minutes talking and then I went to the
other machine and ran programs, pinged, searched the C drive on the
payroll machine and came back to the payroll machine. I found the
machine was locked out by password and as she was standing nearby, I got
her to type the password in and away it all went.

Then it hit me - I had been running programs on the payroll machine from
the other machine in the network. Curious, I went to another office and
did the same thing after forcing the screen saver on. Again it all
worked and I could look up sensitive data. The LAN they have there does
have internet access and has a basic "out of the box" firewall and they
think they are safe. I pointed out how I easily got in from within their
office and others could do the same straight to the payroll machine from
outside but the manager said they couldn't as "we have a firewall".
Well, not wanting to push the point as this was the first time I had
been there, I left it alone but then decided to report those findings to
MS. Eventually they did respond but they said they don't see it as a
problem but WOULD make it an OPTION in the next SP for XP and also I
presume the next full OS (Longhorn?) they issue.

Am I being pedantic here? To my mind, if a password is required to use
the machine locally, it should automatically require the network
connection to be broken. XP goes back to the Welcome screen depending on
your settings or the NT looking username and password box you would all
know. I find it totally mystifying that a machine that is "protected" at
keyboard level by a password so people can't get into it and look up
sensitive info can still be gotten into at least by the local LAN and
info STILL gained. The problem here is if a disgruntled employee went
postal and knew this info, he/she could do what they want. I understand
the programs and data could be protected in other ways but it also hit
me that there must be quite a few small to medium companies living in a
delirious limbo like this, too.

Any comments? Am I just pedantic or is this really a headbanger?

Greg.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

