> Ok, fellow Listees, here's the deal...
In this case social engineering is probably your _WORST_ problem. He's most
likely already got several account names and passwords just from hanging
around the office. Or he could have planted a TROJAN while his girlfriend
went to the bathroom, etc. (I almost got kicked out of college for doing
that to the nosey sysadmin once. :-)
I'd suggest, if using NT security, to immediately force everyone to change
passwords at next logon and to disable all accounts that haven't been used
in the last month. Also, with NT you can btw, restrict the hours that logons
can take place. If you haven't already, make it so everyone who doesn't need
to can't get in outside of reg biz hours.
Also, if possible, initiate an anti-viral scan across the network. (Ie, make
sure you've not already been compromised before the test *officially*
starts. He _HAS_ had actual physical contact with the network after all.)
Disable the girl friends account. :) Or force an immediate password change
and the day before the test.
Disable the bosses account. :) Or force an immediate password change and
the day before the test.
Watch them both very closey. almost certainly Girl knows both passwords. So
does boy friend most likely.
Watch the accounts of anyone he was "chummy" with in the office.
Most likely his first attempts will be through those.
Aside from that and all the normal iis/cf security notices/alerts, setting
up firewalls/proxies, etc, etc grab a copy of.. um... sam spade. Grab that
and do some port scanning, etc against your system and see what's sticking
out and needs to be turned off. Or if backorfice or anything else ODD shows
up. ;-)
--min
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
