Comments please - Server 2008 Security Issue


Guest Anteaus
Posted

RE: Comments please - Server 2008 Security Issue

True, but anyone with server console access doesn't even need a password to do something like this. If they can find a way to reboot the server from removable media, then they can run another OS (Knoppix, WinPE, DOS) and use that to harvest the data. No passwords, no questions asked.

Basically, users should never be allowed to treat the server as a workstation.

The best policy is to ensure that the server is either in a highly-visible place where anyone tampering would quickly be noticed, or else to remove the keyboard and mouse, and run it headless, in a secure comms room.

"Dean Brighton" wrote:

> I have posted a blog post that should make interesting reading. Especially for those who are in the Server 2008 and security camp. Enjoy.
>
> http://labcontrol.blogspot.com/2008/02/this-post-is-purely-for-information.html

Guest Dean Brighton
Posted

Re: Comments please - Server 2008 Security Issue

Anteaus,

You are missing the point. What you are suggesting is applicable to only the local machine. What I have suggested is that you can take over an ENTIRE DOMAIN! Big difference. Anyone knows that it is easy to access the data on a local machine.

Imagine a company network with 5000 seats. In this network there are several branch offices dotted around the globe and someone in some far off country gets pissed off for some reason. They decide to take it out on the company as a whole and they hijack the network. They gain enterprise level access, delete all 5000 machine accounts, all 10000 groups, revoke all certificates, delete all domain controller accounts and then as a last move, delete all user accounts. Oh and just to make sure, they initiate a domain replication. Not that there are any other servers left to replicate to. Well... I know that I would not like to be the administrator responsible for fixing that mess.

Maybe I did not make myself heard clearly enough. I CAN HACK A SERVER 2008 DOMAIN IN LESS THAN 3 MINUTES!

Is there any other way to say it?

Dean

"Anteaus" <Anteaus@discussions.microsoft.com> wrote in message news:01B595C3-BEFC-4810-B3F1-B34283E97D36@microsoft.com...

> True, but anyone with server console access doesn't even need a password to do something like this. If they can find a way to reboot the server from removable media, then they can run another OS (Knoppix, WinPE, DOS) and use that to harvest the data. No passwords, no questions asked.
>
> Basically, users should never be allowed to treat the server as a workstation.
>
> The best policy is to ensure that the server is either in a highly-visible place where anyone tampering would quickly be noticed, or else to remove the keyboard and mouse, and run it headless, in a secure comms room.
>
> "Dean Brighton" wrote:
>
>> I have posted a blog post that should make interesting reading. Especially for those who are in the Server 2008 and security camp. Enjoy.
>>
>> http://labcontrol.blogspot.com/2008/02/this-post-is-purely-for-information.html
