lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 22 May 2008 14:27:46 -0400
From: "Garrett M. Groff" <groffg@...design.com>
To: "Daniel Sichel" <daniels@...derosatel.com>,
	<full-disclosure@...ts.grok.org.uk>
Subject: Re: Need some help with management

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Appeal to them with language that they understand. Since they don't seem to
be as technical as you are, appeal to them with a financial and/or legal
liability argument. Managers understand liability and the bottom line.

- ----- Original Message ----- 
From: Daniel Sichel 
To: full-disclosure@...ts.grok.org.uk 
Sent: Thursday, May 22, 2008 12:51 PM
Subject: [Full-disclosure] Need some help with management


My management here wants to put a server on our LAN, not administered by us
(the IT department) and use a share on it to serve files and data to our
workstations.  They do not understand why having a server with a file share
that is NOT part of our secure infrastructure represents a threat to the
computers accessing it. Keep in mind this is an all Windows network. Sooo,
if you guys can succinctly explain why having a trusted computer trust an
untrusted computer is a problem, that would be helpful. Keep in mind we are
talking to management here. It's kind of like trying to explain why, when
you are in the United States, it's a bad idea to drive on the left hand
side of the road. It's just so basic it's not documented anywhere. So,
please help me explain why netbios and file shares on machines not within
your network are bad ideas.

 

Thanks,

 

Daniel Sichel, CCNP, MCSE,MCSA,MCTS (Windows 2008)

Network Engineer

Ponderosa Telephone (559) 868-6367

 



- ---------------------------------------------------------------------------
- -----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014) - not licensed for commercial use: www.pgp.com

wj8DBQFINbscSGIRT5oVahwRAtbUAJsHjlOzn3WqAIO5k1EMJ8Y6ywWNoACgrBxV
MyCkC2BZGDS5l2R7HMAwR8k=
=NbUq
-----END PGP SIGNATURE-----

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ