Re: Scheduling NTBackup to mapped drive

  • From: "Greg Mulholland" <greg@xxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 9 Aug 2004 09:03:41 +1000

Do whatever takes your fancy. In business there are many rights and
wrongs but security also depends on budget and other external factors.
If you feel like logging on and locking it, do so; if it's easier to
leave the machine boot and sit at the logon prompt, do that. Many people
for the last 256 days have said what they use and reasons why, Jared is
quite clear in his beliefs as are others. Make up your own mind and go
for it. Then maybe we can put this thread to bed and move on to some
more Exchange issues. Who knows, I might even be able to coax Mark back
to the list.

-----Original Message-----
From: Keith Duemling [mailto:kduemling@xxxxxxx] 
Sent: Monday, August 09, 2004 8:52 AM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

http://www.MSExchange.org/

Jared,

I agree completely with you regarding the need for physical security. If
physical security isn't present, neither locking the system nor leaving
it unlocked will provide much of a line of defense against a successful
attack. Pull the system out of the rack and take it home to hack at your
own convenience.

I'm only trying to obtain the correct answer to the question of... "If I
put a server in a room and brick the entry points up and secure every
means of interacting with the system physically...what state should the
system remain in from an interactive login perspective?"

Thanks.

Keith Duemling
 
//end
-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@xxxxxxxxx] 
Sent: Sunday, August 08, 2004 6:34 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

Keith, I wasn't speaking to you directly. In fact, I appreciate you
sending that to all.

It states right there,

"Again, it comes down to physical security:  Unless your computer is
always guarded by a person or a locked door, be sure to log off when you
leave the computer and ensure that all user accounts are password
protected."

And we ALL KNOW that all our servers ARE behind locked doors, so LOCK
THOSE SCREENS EVERYONE. You've now heard it from Microsoft, twice.

"That is, if an attacker can reach your unattended computer while an
administrator account is logged on, your passwords can be stolen.  An
attacker can steal the LSASS cache of hashed passwords and copy it to a
floppy disk in seconds."

HOW can a password be "stolen" if they can't get to the floppy drive??

Remember, all servers should have a case on them that locks. We have
over a hundred and all are locked with a key that the VP has, HR has,
and the lead engineer (me) has.

I can't even fathom anyone having servers that don't have locked
cabinets or cases. Jeez.

Remember, the keyboards, most times, are NOT locked up, like the servers
are. So, if you leave it logged off, anyone that is a member of your
domain can log right on!! By default, unless a domain controller, all
"domain users" can log right onto your server, via Terminal Services, or
via console.


-----Original Message-----
From: Keith Duemling [mailto:kduemling@xxxxxxx]
Sent: Sunday, August 08, 2004 6:21 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

Jared,

I'm not trying to take a side... Just find a document that says
something in either direction (and now I will review the documents you
have supplied). Don't take this up with me, cause I'm not the author of
the book.  I suggest you take it up with the authors Ed Bott and Carl
Siechert.  Send comments to mspinput@xxxxxxxxxxxxx as per the notes in
the book.

I'm not debating the functionality that Microsoft has included with
their systems, and I'm also not saying you shouldn't use it.  Just
pointing out what one source of information says in relation to the
topic.

I'm not afraid to admit I'm wrong, as I never claimed that I was right.
Have a good one Jared.

Keith Duemling
 
//end
-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@xxxxxxxxx]
Sent: Sunday, August 08, 2004 5:58 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

LOL. Right. And I have some land in the Sierra I'd like to sell you. 

How about the truth: 

http://techrepublic.com.com/5100-6329-1058522.html

http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/step_5_use_strong_passwords.mspx
(read, "But all too often...")

http://labmice.techtarget.com/articles/securingwin2000.htm (look at
"password protect your..." which mentions ALL SERVERS.)

http://www.cpc.unc.edu/projects/addhealth/data/restricteduse/security/win2000server
(look at #2)

Answer me this: Why would Microsoft give the ability to lock all their
server screens?? Because they don't want you to USE IT!? Again, this is
common sense.

LOL Whew, sorry, I just blew a few junks. 

Hey my weak newbie, if your incredibly fragile ego can't take being
wrong, that's not my deal. SEE A SHRINK.

TALK ABOUT DENIAL

-----Original Message-----
From: Keith Duemling [mailto:kduemling@xxxxxxx]
Sent: Sunday, August 08, 2004 5:46 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Scheduling NTBackup to mapped drive

Trying to add some documented references to the two sides of this issue
I have found the following statement in a Microsoft Press book.

-----------------------------------------

Book: Microsoft Windows Security for Windows XP and Windows 2000 Inside Out
Publisher: Microsoft Press
Copyright: 2003
ISBN: 0-7356-1632-9

Pages: 111-112

Background: Statement made in reference to using Syskey to add an
additional layer of login protection for Windows based systems.

Statement:

"Caution: Bear in mind that this added startup requirement provides no
additional protection once the computer is up and running.  That is, if
an attacker can reach your unattended computer while an administrator
account is logged on, your passwords can be stolen.  An attacker can
steal the LSASS cache of hashed passwords and copy it to a floppy disk
in seconds.  Again, it comes down to physical security:  Unless your
computer is always guarded by a person or a locked door, be sure to log
off when you leave the computer and ensure that all user accounts are
password protected."

-----------------------------------------

This article might be useful for those locking their servers.
http://www.microsoft.com/technet/prodtechnol/windows2000pro/tips/loccon.mspx


Keith Duemling
 
//end



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
JaredsJazz@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist


