lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: pwicks at oxygen.com (James Patterson Wicks)
Subject: Removing FIred admins

We are working on something called "The Button", which is nothing but
small script that activates a series of scripts that change all root,
local and domain administrator passwords on our Unix and Windows servers
when run.  We also have to set up a script that will change the local
administrator password on all the desktops and laptops, but that script
has to run several times due to the fact that we have a mobile sales
force.  "The Button" can only be activated by the CTO and will require
all administrators to meet with the CTO after the scripts run to get the
new passwords.  I know that there are solutions out there that do the
same thing, but why pay for someone to put a GUI on a scripted process.


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Cael Abal
Sent: Thursday, February 12, 2004 11:14 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Removing FIred admins

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael T. Harding wrote:

| Anybody know of a checklist or guide to removing access across the 
| entire organization for a "retired" admin?
| Mixed environment including Linux, Unix, Windows, Cisco, Nortel

Wow.  Nightmare.

I would expect this is exactly what you didn't want to hear, but you're
in an awfully scary situation.  Imagine every sneaky thing a cracker
could do -- subvert your IDS, implement Ken Thompson-esque
login/compiler bugs, etc... And then consider that they might've
happened any time in the past few years and have by now completely
infiltrated your backup media.

Good luck.  You're really at the mercy of your (ex) admin.  All you can
hope to do is take care of the obvious stuff -- disable his accounts,
change the passwords of any shared accounts / devices, etc.

The alternative (if you can call it that) is to treat your network as
though it was compromised and go from there.

One choice is relatively inexpensive, the other will result in a network
you might be able to trust.

take care,

Cael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQFALE8kR2vQ2HfQHfsRAiolAJ41aFarNC7bLN6v053o/aiTrvqJ9ACg13u5
43iaIpkz0zjXMbpj0wJSrTE=
=YPoR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


This e-mail is the property of Oxygen Media, LLC.  It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster@...gen.com and destroy all electronic and paper copies of this e-mail.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ