Re: Scheduling NTBackup to mapped drive

  • From: "Jared Johnson" <jaredsjazz@xxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sun, 8 Aug 2004 19:01:20 -0400

You've just started your career in IT right? Easy to tell.

Remember, hackers do STEALTH attacks. Every single IT and non-IT person
knows that, except perhaps you and Steve.

They don't bring a jack-hammer with them to pry your box loose, thereby
ENGAGING THE ALARM, and use a couple of people to carry your boxes to their
car. I mean, let's get real here.  

They use HACKING techniques, that's why they are called HACKERS (or to be
really correct, "CRACKERS.") The LAST things crackers/hackers want to do is
BE CAUGHT. So, they use STEALTH cracking. My gosh, this is beginner stuff
here.

This lesson will cost you $100.00.



-----Original Message-----
From: Keith Duemling [mailto:kduemling@xxxxxxx] 
Sent: Sunday, August 08, 2004 6:52 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

Jared,

I agree completely with you regarding the need for physical security.  If
physical security isn't present, neither locking the system or leaving it
unlocked will provide much of a line of defense against a successful attack.
Pull the system out of the rack and take it home to hack at your own
convenience.

I'm only trying to obtain the correct answer to the question of....  "If I
put a server in a room and brick the entry points up and secure every means
of interacting with the system physically...what state should the system
remain in from an interactive login perspective?"

Thanks.

Keith Duemling
 
//end
-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@xxxxxxxxx]
Sent: Sunday, August 08, 2004 6:34 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

Keith, I wasn't speaking to you directly. In fact, I appreciate you sending
that to all. 

It states right there, 

"Again, it comes down to physical security:  Unless your computer is always
guarded by a person or a locked door, be sure to log off when you leave the
computer and ensure that all user accounts are password protected."

And we ALL KNOW that all our servers ARE behind locked doors, so LOCK THOSE
SCREENS EVERYONE. You've now heard it from Microsoft, twice.

"That is, if an attacker can reach your unattended computer while an
administrator account is logged on, your passwords can be stolen.  An
attacker can steal the LSASS cache of hashed passwords and copy it to a
floppy disk in seconds."

HOW can a password be "stolen" if they can't get to the floppy drive??

Remember, all servers should have a case on them that lock. We have over a
hundred and all are locked with a key that the VP has, HR has, and the lead
engineer (me) has.

I can't even fathom anyone have servers that don't have locked cabinets or
cases. Jeez.

Remember, the keyboard most times, are NOT locked up, like the servers are.
So, if you leave it logged off, anyone that is a member of your domain can
log right on!! By default, unless a domain controller, all "domain users"
can log right onto your server, via Terminal Services, or via console.


-----Original Message-----
From: Keith Duemling [mailto:kduemling@xxxxxxx]
Sent: Sunday, August 08, 2004 6:21 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

Jared,

I'm not trying to take a side... Just find a document that says something in
either direction (and now I will review the documents you have supplied).
Don't take this up with me, cause I'm not the author of the book.  I suggest
you take it up with the authors Ed Bott and Carl Siechert.  Send comments to
mspinput@xxxxxxxxxxxxx as per the notes in the book.

I'm not debating the functionality that Microsoft has included with their
systems, and I'm also not saying you shouldn't use it.  Just pointing out
what one source of information says in relation to the topic.

I'm not afraid to admit I'm wrong, as I never claimed that I was right.
Have a good one Jared.

Keith Duemling
 
//end
-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@xxxxxxxxx]
Sent: Sunday, August 08, 2004 5:58 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

LOL. Right. And I have some land in the Sierra I'd like to sell you. 

How about the truth: 

http://techrepublic.com.com/5100-6329-1058522.html

http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/step_5_
use_strong_passwords.mspx (read, "But all too often...")

http://labmice.techtarget.com/articles/securingwin2000.htm (look at
"password protect your..." which mentions ALL SERVERS.)

http://www.cpc.unc.edu/projects/addhealth/data/restricteduse/security/win200
0server (look at #2)

Answer me this: Why would microsoft give the ability to lock all their
server screens?? Because they don't want you to USE IT!? Again, this is
common sense.

LOL Whew, sorry, I just blew a few junks. 

Hey my weak newbie, if your incredibly fragile ego can't take being wrong,
that's not my deal. SEE A SHRINK. 

TALK ABOUT DENIAL

-----Original Message-----
From: Keith Duemling [mailto:kduemling@xxxxxxx]
Sent: Sunday, August 08, 2004 5:46 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

Trying to add some documented references to the two sides of this issue I
have found the following statement in a Microsoft Press book.

-----------------------------------------

Book: Microsoft Windows Security for Windows XP and Windows 2000 Inside Out
Publisher: Microsoft Press
Copyright: 2003
ISBN: 0-7356-1632-9

Pages: 111-112

Background: Statement made in reference to using Syskey to add an additional
layer of login protection for Windows based systems.

Statement:

"Caution: Bear in mind that this added startup requirement provides no
additional protection once the computer is up and running.  That is, if an
attacker can reach your unattended computer while an administrator account
is logged on, your passwords can be stolen.  An attacker can steal the LSASS
cache of hashed passwords and copy it to a floppy disk in seconds.  Again,
it comes down to physical security:  Unless your computer is always guarded
by a person or a locked door, be sure to log off when you leave the computer
and ensure that all user accounts are password protected."

-----------------------------------------

This article might be useful for those locking their servers.
http://www.microsoft.com/technet/prodtechnol/windows2000pro/tips/loccon.mspx


Keith Duemling
 
//end



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
JaredsJazz@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
kduemling@xxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
JaredsJazz@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
kduemling@xxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
JaredsJazz@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist




Other related posts: