On Tue, Dec 03, 2002 at 07:50:10PM +0100, Robert Sieber wrote:
> Hello colleagues,
>
> imagine the following situation:
>
> User calls the helpdesk to reset/alter some kind
> of account-password (NT, RAS, PKI-PIN ...) and you
> have to determine whether the user is the correct
> (owner of the acco
You're speaking about social engineering.
Making sure that the person on the phone is who they say they are.
An idea we had was to put up inexpensive computers in key locations and to
put inexpensive cameras on these systems.
So when a person called to get their password reset, that person wou
One suggestion is:
Verify his name matches his physical desk location identification in your
records and call back the phone number you have on record to give them the
new temp password.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 03, 2002
- use callback to their office phone, leaving the new password on their
VM - that will eliminate a random person picking up the phone
- give the helpdesk phones that identify the phone number calling - not
as secure, but may be an option depending upon the environment
- develop a database of Qs t
Robert:
The usual procedure that I've seen with ISPs (and one we will probably
end up using) is to include in the signup documents a security question.
It could be something like "What is your mother's maiden name," or
something really strange like "What was the name of your first childhood
pet,"
too much administrative overhead. especially if you have a network of 50 or
more nodes.
unless you're using smaller subnets and using all valid IP's in the range, a
user can still specify an IP in your network with matching netmask and have
access
because of the MAC filtering on my school network,
Hi Robert
There are a lot of scenarios.
However, for the "ups, I typed wrong 3x in a row", I have seen the
following solution:
A voice-recognition system, where you can call a system and through a
menu and auto generated number sequence (that needs to be repeated with
your voice) can reset your ac
I highly doubt that 99% of email traffic you receive from aol.com is
SPAM. Most likely, the email headers have been fudged to appear as if
they originated from aol.com. ...and I don't think wholesale blocking of
IPs is a prudent practice. First off, AOL, as I mentioned, is
hugewhy would you wan
When I originally started setting up the network at this place I tried
giving only the specific permissions necessary for each program we had
installed. (Talking about win2k ACLs here to be specific) After a while it
turned into a bit of a nightmare and I basically ended up giving the DOMAIN
Some of the commercial DHCP servers such as Cisco have interesting options
to help with the secure allocation of IP addresses. There are options to
give clients "private" IP addresses that only have access to an
"authentication" web server, once the clients authenticate to the web server
(username/
For web server logs, I find Funnel Web Analyser an exceptional tool - and
it works on most OS's.
Hamish Stanaway
-= KoRe WoRkS =- Internet Security
Owner/Operator
http://www.koreworks.com/
New Zealand
Is your box REALLY secure?
From: "Nicolas Villatte" <[EMAIL PROTECTED]>
To: "'Niall O M
I have been in the same boat and tried several products both WIN32 and *NIX.
No advertising here but I have found WebSpy (http://www.webspy.com) to meet
my needs and then some. It is pricy but it has accomplished what used to
take me 2 to 4 days to do with Excel and Access.
I hope this helps.
Hello,
As I see it, if a "client" knows the gateway address and subnet mask,
then they can just edit their tcp/ip configuration manually and "hope"
to use an unassigned address, thus bypassing DHCP altogether.
Additional knowledge of the network makes this easier... This does allow
a client to u
Webalizer http://www.mrunix.net/webalizer/ is a very good application, there
are several others out there like Awstats http://awstats.sourceforge.net/
If you want to get stats on your users usage, set up a proxy (possibly
transparent) and use the logs from the proxy server to run your statistics.
There is some info on AOL IP addresses here:
http://webmaster.info.aol.com/proxyinfo.html
On Mon, 2 Dec 2002 14:04:43 -0600 "Neal K. Groothuis" wrote:
> Doing a "whois \> \[EMAIL PROTECTED]" reveals:
>
> [whois.arin.net]
>
> OrgName: America Online
> OrgID: AOL
> Address: 8619 Westwood Cent
> Has anyone else seen this before?
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=%22Monitored.By.hAcxFtpScan%22&btnG=Google+Search
> Any help or advice appreciated.
Along what lines? Advice for what? You haven't
identified the os in question, or any of the apps
installed. So what a
I know this sounds like a really bad way of doing this, but it is the only
way I can come up with off the top of my head:
Turn off DHCP!! Statically assign all addresses in your LAN. If a visitor
wants access to your network, they will have to come to you to obtain the
address, or better yet, crea
Well, until someone with some experience in designing and deploying wireless
networks comes up with better 'intel' ( I too am curious), I'll drop in this
url, (
http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac178/about_cisco_ipj_archive_article09186a00800c83b2.html ).
- Original Message
That works pretty well in most cases, but it won't stop someone really
determined from getting onto the network.
If you've got time, plug in, start up a sniffer, and watch for DHCP
traffic. Wait for someone to go off the air, and change your MAC address
to theirs, (love ifconfig) and then grab
Google found five other references.
This does look like some sort of warez...
Good luck!
>> I found an un-managed ftp server floating around our network.
>> I am quite sure the machine itself had not been compromised completely, but
>> I found a directory in there with the
Monitored.By.hAcxFtpScan is either a website or group that has scanned
that machine and is watching for any illegal software to be distributed on
that computer. Then they post the results so people can download the
software from that machine. If you need that ftp server running make sure
you turn
Chris,
I would run regmon and filemon and see what exactly is failing, this will
give you a better clue on what the problem really is.
Keith
"Chri