[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] RE: Disabling Cached Logon Credentials

To: <dwr3ck@hushmail.com>, <focus-ms@securityfocus.com>, <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] RE: Disabling Cached Logon Credentials
From: "Nick Duda" <nduda@VistaPrint.com>
Date: Tue, 30 Dec 2003 15:36:08 -0500

Even with physical access you (a hacker) want to do what you have to ,
leave and still be undetected. If a hacker is going to get to a physical
server only to change the admin password and do some hack (i.e. trojan),
I would find it silly because when the admin finds out that its not a
password he supplied, that system is as good as formatted. This is why
disbaling stuff like autoplay on cd roms is a good idea, and not to just
lock servers screensavers but rather logout.

I  don't think disbaling cached logons is something to worry about if in
a secured data center, but merly a common practice for any security
professional (i.e. do the job right, or don't do it at all, don't
halfass when it comes to security)

- Nick
 

-----Original Message-----
From: dwr3ck@hushmail.com [mailto:dwr3ck@hushmail.com] 
Sent: Tuesday, December 30, 2003 1:29 PM
To: focus-ms@securityfocus.com; full-disclosure@lists.netsys.com
Subject: Disabling Cached Logon Credentials

Disabling cached logon credentials is on virtually every server
hardening checklist.

If you have your servers physically secured in a data center what is the
real benefit of disabling cached logon credentials?

Whenever a server is off the network, admins have to obtain the local
admin password.  Depending on how you handle local RID=500 account
passwords this can add significantly to downtime when resolving issues.

Does anyone know of a way to exploit cached credentials over the wire?
 

If someone has physical access to a system they own it anyway:

http://home.eunet.no/~pnordahl/ntpasswd/








Concerned about your privacy? Follow this link to get FREE encrypted
email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] Local Denial Of Service Attack Against Apple MacOS X, MacOS X Server, and Darwin.
Next by Date: Re: [Full-Disclosure] malware
Previous by thread: [Full-Disclosure] Local Denial Of Service Attack Against Apple MacOS X, MacOS X Server, and Darwin.
Next by thread: [Full-Disclosure] RE: Reverse http traffic
Index(es):
- Date
- Thread