Penetration Testing mailing list archives

Re: [PEN-TEST] Tandems ?


From: "Toolin, Colm" <colm.toolin () ADMIRAL COM AU>
Date: Fri, 25 Aug 2000 09:26:24 +1000

http://www.auditserve.com/articles/art_24.htm

This link is a brief info on Tandem. One or two things not mentioned are
about Super.Super (or 255,255):
1.      The superid is UNDENIABLE, which means it can never be locked out, so
        it needs to have a good password, and invalid password attempts on
        super.super need to be checked daily.
2.      Super.Super should ONLY be used for OS upgrades or similar large
        changes. Never the case of course, but it should be a recommendation.
        As super.super has a lot of inherent access within the system, they
        should use another logon for daily/weekly admin.
3.      Procedure for storage of the Super.super password should be an
        envelope stored in a safe (same as all super ids I presume) with
        restricted access blah blah....reset after use and so on..
There are some safeguard commands in the .txt
Cheers,
Colm


-----Original Message-----
From: Heather Field [mailto:Heather.Field () CTP COM]
Sent: Thursday, August 24, 2000 2:26 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Tandems ?


It is funny, but I didn't think Tandems had security, so what is there to
audit (sort of joking so please don't flame up)?  That is unless they have
installed SafeGuard or something.  Don't know about audit tools, but first
find out if they are using SafeGuard or any other 3rd party tool to manage
authentication and authorization.  Otherwise, it may just be a matter of
getting up to speed on the OS commands to snoop around.

Heather Field
Cambridge Technology Partners, CNS
O: 310.563.4862
C: 310.489.5679



-----Original Message-----
From: Marc Kneppers [mailto:marc.kneppers () TRIPEZE COM]
Sent: Tuesday, August 22, 2000 10:40 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Tandems ?


Not a lot of info to contribute, but ...

From my experience (about 4 years ago):

Tandems tend to come in a few flavours, one of them being a (relatively)
standard UNIX OS - so these are subject to the same UNIX vulnerabilities
everyone else has. Check the OS. (I remember old sendmail versions, user
accounts like 'shutdown' etc without passwords by default).

Also, the UNIX boxes that I worked on were heavily monitored for hardware
failures and come with monitors which are used to dial-out and request
replacement hardware components (depending on the level of support). They
can also be configured for dial-in support by Tandem. This is obviously a
potential hole/access point. This might also apply to the non-UNIX boxes.

-MArc

-----Original Message-----
From: Rick Redman [mailto:redmanr () MINGA COM]
Sent: Monday, August 14, 2000 3:45 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Tandems ?


I've recently been tasked to do a HUGE assessment of a large network.
On this network, they have quite a few tandems (www.tandem.com).

The question is, anyone have/know of any tools or documentation that
might help a person who needs to do any sort of security audit of one of
these?

I've searched the web like crazy, and good luck finding any decent books on
Tandems at amazon/fatbrain.

Thanks for any help.

-Minga
www.minga.com

