Great Circle Associates Firewalls
(April 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: RE: Cracking NT via RAS
From: "Rodney R. Fournier" <rodf @ cris . com>
Date: Fri, 12 Apr 1996 21:24:23 -0400
To: "'Norton, Dave'" <dnorton @ trane . com>, "'firewalls @ greatcircle . com'" <firewalls @ greatcircle . com> 
1)  You can use any resource in either Domain in a trusted Domain. I can not comment on a password crackers, you may want to implement a three password lockout, and then disable the account. That should take care of it (unless they guess the name and password first!!)

2)  MS NT just recently got approved at C2 level, so that should tell you something!! 3.1 & 3.5 are not certified, so I hope that you are on 3.51 with service pack 4!!

Good Luck & I hope that I have helped.......



----------
From:  Norton, Dave[SMTP:dnorton @
 trane .
 com]
Sent:  Thursday, April 11, 1996 5:08 PM
To:  Firewalls-post
Subject:  Cracking NT via RAS


Hi gang,
We have a sister organization with a VPDN interconnected with
our own with only router ACL's between 'em, filtering on "trusted"
and "semi-trusted" IP address ranges only. Our org has limited
security consciousness, theirs has none... They insist on putting
Digi-boards directly on NT apppl servers, and allow remote direct
dial access into same [...cringe :-(  ].

I imagine that war dialers and password guessing programs will
work just as well on NT/RAS as UNIX - why not - so, if an interloper
can gain a session on a "trusted" NT host, he/she ought to be able
to freely island-hop over to our IP VPDN with impunity, right?

Second, without being too explicit, can someone out there tell
me of their real tried and tested assessment as to the "swiss
cheese" factor concerning security of the NT OS. Some of our
"NT rocket scientists" around here persist in claiming that UNIX is
not a secure environment, whereas NT is. I have to continually
tell them that UNIX is much more secure(able) because we know
where the holes in the cheese are... That we don't hear about
NT security problems much because there hasn't been enough
elapsed time since its birth to thoroughly probe and exploit it...

Any comments, feedback from outside my organization will be greatly
appreciated, because I blew all my intellectual credibility in-house
when I accepted employment here... Sorry, but I can't tell you who
we are, cause of what I've devulged to the world in this posting...

Nervous...
Indexed By Date Previous: RE: Cracking NT via RAS
From: "Rodney R. Fournier" <rodf @ cris . com>
Next: firewall management
From: Chris Kostick <ckostick @ ashton . csc . com>
Indexed By Thread Previous: RE: Cracking NT via RAS
From: "Rodney R. Fournier" <rodf @ cris . com>
Next: RE: Cracking NT via RAS
From: Mike Herbert <herbem2 @ tdbank . ca>
Google
 
Search Internet Search www.greatcircle.com