|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Disabling Cached Logon Credentials
From: Nick Duda (nduda
VistaPrint.com)
Date: Tue Dec 30 2003 - 14:36:08 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Even with physical access you (a hacker) want to do what you have to ,
leave and still be undetected. If a hacker is going to get to a physical
server only to change the admin password and do some hack (i.e. trojan),
I would find it silly because when the admin finds out that its not a
password he supplied, that system is as good as formatted. This is why
disbaling stuff like autoplay on cd roms is a good idea, and not to just
lock servers screensavers but rather logout.
I don't think disbaling cached logons is something to worry about if in
a secured data center, but merly a common practice for any security
professional (i.e. do the job right, or don't do it at all, don't
halfass when it comes to security)
- Nick
-----Original Message-----
From: dwr3ckhushmail.com [mailto:dwr3ckhushmail.com]
Sent: Tuesday, December 30, 2003 1:29 PM
To: focus-mssecurityfocus.com; full-disclosurelists.netsys.com
Subject: Disabling Cached Logon Credentials
Disabling cached logon credentials is on virtually every server
hardening checklist.
If you have your servers physically secured in a data center what is the
real benefit of disabling cached logon credentials?
Whenever a server is off the network, admins have to obtain the local
admin password. Depending on how you handle local RID=500 account
passwords this can add significantly to downtime when resolving issues.
Does anyone know of a way to exploit cached credentials over the wire?
If someone has physical access to a system they own it anyway:
http://home.eunet.no/~pnordahl/ntpasswd/
Concerned about your privacy? Follow this link to get FREE encrypted
email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]