Security Basics mailing list archives

Re: 'Read only' Admin privileges for Active Directory environment?


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 30 Jun 2006 00:38:57 +0200

On 2006-06-28 Saqib Ali wrote:
>> I need those rights to access the logs and other items to
>> investigate the IT staff, its actions, unauthorized changes to AD,
>> run various tools that require domain admin to extract data (I don't
>> like generic accounts with domain admin because now I have no idea
>> who ran it),
>
> Then how do you prove during the trial that the evidence was NOT
> planted by InfoSec team?  The argument can be made that since the
> InfoSec team had admin rights they could themselves have planted the
> evidence.

How do you prove the evidence was not planted by someone else with admin
privileges? If you try to monitor an admin worth his money you will
fail. Period.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
