[windows2000] Re: How to tighten up your network - suggestions

  • From: Greg Reese <gareese@xxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Thu, 26 Mar 2009 15:43:09 -0500

actually it is but I didn't want to make the rest of you feel bad.

On Thu, Mar 26, 2009 at 3:40 PM, Steve Snyder <kwajalein@xxxxxxxxx> wrote:

> It's not where you work? :D
>
>
> On Fri, Mar 27, 2009 at 8:24 AM, Greg Reese <gareese@xxxxxxxxx> wrote:
>
>> the problem is these kids have seen Swordfish too many times and think
>> it's all Halle Berry and cool cars in IT.
>>
>>
>> On Thu, Mar 26, 2009 at 3:22 PM, Berny Stapleton <berny@xxxxxxxxxxxxxxxxx
>> > wrote:
>>
>>> Yeah, I got asked by my old school to come back and give them a hand
>>> because their previous admin had been malicious and they needed to
>>> tidy up their environment before handing it over to a new admin.
>>>
>>> I found a couple of kids who were exploring the network because they
>>> didn't understand it. I didn't give them console access they weren't
>>> "admins", yes, getting them to do mundane tasks like replacing
>>> keyboards, setting up new workstations, explaining the odd bits and
>>> pieces to them wasn't wasted time for me (And besides, they are going
>>> to school, so it's not like they are with you all day). This is all
>>> new stuff for them, yeah sure, we have been doing it for 10 - 15 years
>>> (If not more), and it's mundane for us, but for them it's something
>>> that they haven't done before.
>>>
>>> Once the kids knew that on their network (There was two, a staff
>>> network, physically isolated by building area, somewhere they didn't
>>> have access to), and they understood what was there, there wasn't
>>> anything for them to explore. They also found some respect for the
>>> purpose that it was there for.
>>>
>>> Giving a student the ability to kill jobs on a print queue as opposed
>>> to running the whole server are two totally different matters. I ended
>>> up hiring a couple of the kids that came out of that school at a later
>>> date because they started in IT because of what I did.
>>>
>>> Berny
>>>
>>> 2009/3/26 Richard Bruce <richardbruce@xxxxxxxxxxx>:
>>> > Ok, have you ever actually DONE this? Because in my experience that's
>>> NOT
>>> > the way it works. That just gives them more opportunities to "explore".
>>> In
>>> > many cases these kids don't think they're doing any harm because
>>> they're
>>> > NOT "attacking" - just "looking around". Now I have them logging into
>>> > servers, usually at the console in the server room, where they can pop
>>> a CD
>>> > or floppy in and really do some damage? No thanks! And I have to
>>> supervise
>>> > them? Sorry, I'm busy enough as it is. I don't have time to
>>> babysit. Unless
>>> > it's REALLY simple stuff like replacing keyboards or setting up
>>> > workstations, I just can't afford to make what I consider a bad
>>> investment
>>> > of my time and effort
>>> >
>>> > My solution? I had a meeting with him, the principal, his parents, and
>>> the
>>> > local cop. We explained exactly what the policy and the law says on
>>> this,
>>> > and what would happen to him. Done. And word spread fast. They don't
>>> stand
>>> > much of a chance getting a decent IT job with a criminal record.
>>> >
>>> >> Date: Thu, 26 Mar 2009 19:27:03 +0000
>>> >> Subject: [windows2000] Re: How to tighten up your network -
>>> suggestions
>>> >> From: berny@xxxxxxxxxxxxxxxxx
>>> >> To: windows2000@xxxxxxxxxxxxx
>>> >>
>>> >> Would I TRUST them implicitly? No, it's not their job to be enforcing
>>> >> stuff, nor do they have the knowledge or maturity to properly look
>>> >> after it. But for 1 or 2 students who see things like network print
>>> >> queues filling up all the time (Out of paper and people hitting print
>>> >> 20 times because their job didn't come out straight away), and giving
>>> >> them something to do (Helping you around the place in their spare
>>> >> time, which also means that they are supervised) gives them a sense of
>>> >> responsibility for the network, so they don't WANT to attack it so
>>> >> much. They will ask you questions, and you will end up teaching them a
>>> >> bit, but instead of them attacking the network to find an answer, they
>>> >> ask a question. When they see or find something, they come to you
>>> >> straight away with it.
>>> >>
>>> >> It's free and it gets them onside.
>>> >>
>>> >> Berny
>>> >>
>>> >> 2009/3/26 Richard Bruce <richardbruce@xxxxxxxxxxx>:
>>> >> > I gotta go with the solution in Snyder's environment ;-)> I've dealt
>>> >> > with
>>> >> > kids like this before. No matter how many holes we plug, they'll
>>> >> > find new
>>> >> > ones. You can even put them to work - but would you TRUST them with
>>> your
>>> >> > network or sensitive data? They ONLY way to put a stop to it have
>>> >> > consequences for their actions - and impose them!
>>> >> >
>>> >> > Richard Eells
>>> >> >
>>> >> >> Date: Thu, 26 Mar 2009 18:30:00 +0000
>>> >> >> Subject: [windows2000] Re: How to tighten up your network -
>>> suggestions
>>> >> >> From: berny@xxxxxxxxxxxxxxxxx
>>> >> >> To: windows2000@xxxxxxxxxxxxx
>>> >> >>
>>> >> >> OK,
>>> >> >>
>>> >> >> Maybe it's just me, but you gotta admit, that's inventive!
>>> >> >>
>>> >> >> I would be asking him if he has considered a career in IT
>>> >> >>
>>> >> >> Berny
>>> >> >>
>>> >> >> 2009/3/26 Patrick <london31uk@xxxxxxxxx>:
>>> >> >> > ok guys, after some serious talking to, the kid has decided to
>>> let us
>>> >> >> > in
>>> >> >> > on
>>> >> >> > some of his tricks.
>>> >> >> >
>>> >> >> >
>>> >> >> >
>>> >> >> > 1.      Download zip files allows him to get to the C: drive by
>>> being
>>> >> >> > able
>>> >> >> > to access the Temp Internet files.
>>> >> >> >
>>> >> >> > 2.      If he disconnects the computer from the network, it
>>> installs
>>> >> >> > a
>>> >> >> > local
>>> >> >> > profile for him, giving him access to the C: drive and the “Run”
>>> >> >> > command.
>>> >> >> >
>>> >> >> > 3.      He  runs a “compressed” cmd file from within PowerPoint.
>>> >> >> >
>>> >> >> > 4.      By running “Find Printer” he is able to find users
>>> accounts.
>>> >> >> >
>>> >> >> > 5.      He accesses “command.com” (the equivalent of cmd.exe).
>>> >> >> >
>>> >> >> > 6.      He runs cmd.exe to get to files on the servers.
>>> >> >> >
>>> >> >> >
>>> >> >> >
>>> >> >> > Should this kid not be studying, rather than keeping me busy?
>>> >> >> >
>>> >> >> >
>>> >> >> > Anyway, just thought to share.
>>> >> >> >
>>> >> >> >
>>> >> >> >
>>> >> >> > Thanks
>>> >> >> >
>>> >> >> > Patrick
>>> >> >> >
>>> >> >> > ________________________________
>>> >> >> > From: Jim Kenzig http://thin.ms <jkenzig@xxxxxxxxx>
>>> >> >> > To: windows2000@xxxxxxxxxxxxx
>>> >> >> > Sent: Wednesday, March 25, 2009 11:54:33 PM
>>> >> >> > Subject: [windows2000] Re: How to tighten up your network -
>>> >> >> > suggestions
>>> >> >> >
>>> >> >> > Yes I understand kids will be kids but it covers you.
>>> >> >> > Jim Kenzig
>>> >> >> > Blog: http://www.techblink.com
>>> >> >> > Twitter: http://twitter.com/kenzig
>>> >> >> > Twitter: http://twitter.com/InternetPilot
>>> >> >> >
>>> >> >> >
>>> >> >> > On Wed, Mar 25, 2009 at 11:40 AM, Patrick <london31uk@xxxxxxxxx>
>>> >> >> > wrote:
>>> >> >> >>
>>> >> >> >> Hi Jim,
>>> >> >> >>
>>> >> >> >> This is an idea I have suggested, and I think there is a good
>>> case
>>> >> >> >> to
>>> >> >> >> push
>>> >> >> >> this forward. Whats I have found is that no matter how tight you
>>> try
>>> >> >> >> to
>>> >> >> >> make
>>> >> >> >> things the kids will seek to break in. In most cases because
>>> they do
>>> >> >> >> not
>>> >> >> >> understand what the consequences could be if enforced.
>>> >> >> >>
>>> >> >> >> Really annoying.
>>> >> >> >>
>>> >> >> >>
>>> >> >> >>
>>> >> >> >> Thanks
>>> >> >> >>
>>> >> >> >> Patrick
>>> >> >> >>
>>> >> >> >> ________________________________
>>> >> >> >> From: Jim Kenzig http://thin.ms/ <jkenzig@xxxxxxxxx>
>>> >> >> >> To: windows2000@xxxxxxxxxxxxx
>>> >> >> >> Sent: Wednesday, March 25, 2009 1:59:44 PM
>>> >> >> >> Subject: [windows2000] Re: How to tighten up your network -
>>> >> >> >> suggestions
>>> >> >> >>
>>> >> >> >> Well I am not sure about Australia but here we do have computer
>>> >> >> >> hacking
>>> >> >> >> laws and a simple "Your current computer activity appears to
>>> >> >> >> be illegal
>>> >> >> >> and
>>> >> >> >> you may be prosecuted if you do not cease and desist" dm to the
>>> >> >> >> computer may
>>> >> >> >> be enough.   You of course also make sure that you have a proper
>>> >> >> >> logon
>>> >> >> >> privacy message in place prior to logon that requires an OK
>>> click.
>>> >> >> >> Here is ours:
>>> >> >> >> THIS SYSTEM IS FOR USE OF AUTHORIZED PERSONS AND ACTIVITIES
>>> ONLY!
>>> >> >> >> Activities may be subject to monitoring, recording, and periodic
>>> >> >> >> audits
>>> >> >> >> The system and all content are property of CCPL and are NOT
>>> >> >> >> considered
>>> >> >> >> private.
>>> >> >> >> The organization may access any users accounts or
>>> communications.
>>> >> >> >> Anyone using this system expressly consents to the above and to
>>> all
>>> >> >> >> CCPL
>>> >> >> >> Policies and Rules regarding
>>> >> >> >> computer and Internet use and security.
>>> >> >> >>   OK
>>> >> >> >>
>>> >> >> >> This should cover you legally at least.
>>> >> >> >> Regards
>>> >> >> >> Jim Kenzig
>>> >> >> >> Blog: http://www.techblink.com
>>> >> >> >> Twitter: http://twitter.com/kenzig
>>> >> >> >> Twitter: http://twitter.com/InternetPilot
>>> >> >> >>
>>> >> >> >>
>>> >> >> >> On Wed, Mar 25, 2009 at 9:42 AM, Berny Stapleton
>>> >> >> >> <berny@xxxxxxxxxxxxxxxxx>
>>> >> >> >> wrote:
>>> >> >> >>>
>>> >> >> >>> Yes, it was actually regedit and they were modifying the SAM.
>>> >> >> >>>
>>> >> >> >>> Quite clever really, but a little frustrating.
>>> >> >> >>>
>>> >> >> >>> 2009/3/25 Robert K Coffman Jr. -Info From Data Corp.
>>> >> >> >>> <bcoffman@xxxxxxxxxxxxxxxx>:
>>> >> >> >>> > Scheduled task can run in System context & allow someone to
>>> >> >> >>> > launch a
>>> >> >> >>> > cmd
>>> >> >> >>> > prompt or something with basically full control of the
>>> system.
>>> >> >> >>> >
>>> >> >> >>> > -----Original Message-----
>>> >> >> >>> > From: windows2000-bounce@xxxxxxxxxxxxx
>>> >> >> >>> > [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sorin
>>> Srbu
>>> >> >> >>> > Sent: Wednesday, March 25, 2009 3:39 AM
>>> >> >> >>> > To: windows2000@xxxxxxxxxxxxx
>>> >> >> >>> > Subject: [windows2000] Re: How to tighten up your network -
>>> >> >> >>> > suggestions
>>> >> >> >>> >
>>> >> >> >>> > Could you please elaborate on the scheduler thing, what's
>>> that
>>> >> >> >>> > about?
>>> >> >> >>> > Thx.
>>> >> >> >>> > --
>>> >> >> >>> > /Sorin
>>> >> >> >>> >
>>> >> >> >>> >
>>> >> >> >>> >>-----Original Message-----
>>> >> >> >>> >>From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-
>>> >> >> >>> >>bounce@xxxxxxxxxxxxx] On Behalf Of Berny Stapleton
>>> >> >> >>> >>Sent: Tuesday, March 24, 2009 9:38 PM
>>> >> >> >>> >>To: windows2000@xxxxxxxxxxxxx
>>> >> >> >>> >>Subject: [windows2000] Re: How to tighten up your network -
>>> >> >> >>> >> suggestions
>>> >> >> >>> >>
>>> >> >> >>> >>Oh, turn off the scheduler. Keep your patches up to date.
>>> (That's
>>> >> >> >>> >> the
>>> >> >> >>> >>one that caught me)
>>> >> >> >>> >
>>> >> >> >>> >
>>> >> >> >>> > **********************
>>> >> >> >>> > To Unsubscribe, set digest or vacation
>>> >> >> >>> > mode or view archives use the below link.
>>> >> >> >>> >
>>> >> >> >>> > http://www.freelists.org/list/windows2000
>>> >> >> >>> >
>>> >> >> >>> **********************
>>> >> >> >>> To Unsubscribe, set digest or vacation
>>> >> >> >>> mode or view archives use the below link.
>>> >> >> >>>
>>> >> >> >>> http://www.freelists.org/list/windows2000
>>> >> >> >>
>>> >> >> >>
>>> >> >> >
>>> >> >> >
>>> >> >> >
>>> >> >> **********************
>>> >> >> To Unsubscribe, set digest or vacation
>>> >> >> mode or view archives use the below link.
>>> >> >>
>>> >> >> http://www.freelists.org/list/windows2000
>>> >> >
>>> >> > ________________________________
>>> >> > Quick access to Windows Live and your favorite MSN content with
>>> Internet
>>> >> > Explorer 8.
>>> >> **********************
>>> >> To Unsubscribe, set digest or vacation
>>> >> mode or view archives use the below link.
>>> >>
>>> >> http://www.freelists.org/list/windows2000
>>> >
>>> > ________________________________
>>> > Quick access to Windows Live and your favorite MSN content with
>>> Internet
>>> > Explorer 8.
>>> **********************
>>> To Unsubscribe, set digest or vacation
>>> mode or view archives use the below link.
>>>
>>> http://www.freelists.org/list/windows2000
>>>
>>
>>
>

Other related posts: