Great Circle Associates Firewalls
(January 1998)
 


Subject: Re: Exposing fraudulent SA's
From: "Jim Raykowski" <jimrski @ cts . com>
Date: Tue, 13 Jan 1998 17:32:58 -0800
To: <daemond @ ibm . net>
Cc: <firewalls @ GreatCircle . COM>

Geoff,
  If you have run SATAN on the system(s) and have the reports it gives you
that show the systems are open, print it out, take it to them, and if that
doesn't help motivate them, take it to their supervisors.
  Also go to www.rootshel.com and get a few of the exploits off there and
run them specifically the Novell password cracker and the NT IIS holes and
run it in front of their supv's.
  I do this on the side as a contractor and if I can not get the SA's to
move, I show it to the owners/pres. of the companies and it seems to
motivate the SA.  The key is to show the SA's first and if no response then
go up the ladder; however, have all your ducks in a row.  Get all the
advisories that announce the bugs/holes and be ready to prove your
accusations.  Show them what you did to find the holes.  Again document,
document and document again.
Hope this helps
Jim Raykowski
jimrski @ cts . com

Trying to Learn, Administer, Manage and Secure NT.  What
an impossible job!!!!!!!!!!!!!!!!!!!!!!!!!!!
-----Original Message-----
From: daemond @ ibm . net <daemond @ ibm . net>
To: firewalls @ GreatCircle . COM <firewalls @ GreatCircle . COM>
Date: Monday, January 12, 1998 10:22 PM
Subject: Exposing fraudulent SA's


>Hello All!
>
> I have a dilemma that I can't seem to find a clear cut solution for
>and was wondering if anyone ran into this before and what can be done about
>it.  I am a college freshman and while I don't have any certifications I am
>not stupid about internet security (some of the books that I've read:
>"Building Internet Firewalls" Chapman and Zwicky [O'Reilly];  "TCP/IP Network
>Administration" Hunt [O'Reilly]; "Practical UNIX & Internet Security"
>Simson, Garfinkel and Spafford [O'Reilly]; and "UNIX Systems Administration
>Handbook (2nd ed.)" Nemeth, Snyder, Seebass, and Hein [Prentice Hall]; and
>thousands of messages from this and other lists).
>I've used SVR4, SCO Openserver, Linux, and NetBSD.  However, at my college,
>we have two CNE certified SAs that claim we have a secure setup
>(hahahahaha!!).  Here's what we have: a Cisco router (with no filtering
>rules setup that I can find), NT Server for our web & DNS server, and
>NetWare 4.x for the students to log in and attach to their home directories,
>etc.  From what I can tell our systems are wide open and just waiting to be
>sacked left, right, and center.  I see no signs of any tight security
>whatsoever.  I've used SATAN and strobe to do my checking to verify this
>(all systems are pretty much up for grabs). Aside from that our network is
>S L O W (and probably misconfigured) and it collapses now and then.  I once got
>together with the two SA's and tried to point out the flaws and propose
>alternatives, but no dice (they've got their club and I'm not invited).  So
>here's the question: how do you expose frauds like these so they at least
>secure it (or are given the boot)?  I'm not sure I want to be near the
>systems around here when our network goes up in smoke.  Who knows what else
>can be obtained?  I know the Registrar has their systems on a network here
>(I'm not sure if it's connected to the one in use by us, but possible).
>There's no telling what damage could be done here.  I'm a concerned
>college student with no options begging for ideas that you may have.  I'll
>be thankful for any ideas.  Please help.
>
>-----------------------------------------------------------------------------
>Geoff Gowey | NetBSD: the best multi-platform OS
>daemond(at)ibm.net | www.netbsd.org
>*****************************************************************************
>Spammers beware: I do not buy from companies that spam and I keep track!
>Above policy STRICTLY ENFORCED!
>*****************************************************************************
>"All I ask is for the chance to prove that money can't buy me happiness"
>or more simply put "SHOW ME THE MONEY!!!"
>
>


