Subject: I think
From: Jay Mobley (jmobleyIEINET.COM)
Date: Tue May 23 2000 - 17:03:08 CDT


So, I'm fairly green with all this security hub-bub, so admittedly I feel
pretty outta my league, but here is the lowdown. I use a product called
NetOps. It's a remote control client/server package ... or in their terms,
host and guest.
Among its features is one that allows a guest to xfer files back and forth
from the host. In my case the host is run on our NT 4.0 server. A user
typically connects, sends the ctrl-alt-del and logs in as if the user were
sitting at the console. Mouse and keyboard output is sent to the remote
controlled station.
The security flaw I think I have found has to do with simply connecting to
the host and beginning a file transfer. NO AUTHENTICATION IS REQUIRED to
either copy files to or from a host running this NetOps software!
Is this a valid security flaw??

-Jay Mobley