Penetration Testing mailing list archives
RE: Boot floppy
From: Sat Jagat Singh <flyingdervish () yahoo com>
Date: Fri, 13 Apr 2007 09:28:53 -0700 (PDT)
Opening a conversation with the user and his supervisor need not be from the standpoint of making an accusation or suggesting suspicion. It should be a simple matter of policy that the IT department manages company-owned machines. If the machine is not under IT control and is not configured in a standard way, then you cannot verify that it complies with company policies concerning the installation of antivirus software and licensing of applications, and it may present a security risk to the organizational network. He may say, "Trust me, it is secured." But then he is asking you to trust every other user in the organization and make him an exception to organizational policy; a bad practice for anyone.

Another tactic would be to simply audit his access to potentially sensitive data stored on servers. Boot a LiveCD running Snort on a different system and log all of his access to systems or IP addresses to which he shouldn't have access. With these steps you are establishing whether he is making inappropriate access attempts. By breaking into his machine, you may only establish that he has sensitive data for which he may have authorization.

You're approaching the problem from the completely wrong angle and it stinks of potentially illegal activity on your own part.

--- Mifa <mifa () stangercorp com> wrote:
Thanks for the info. Backups are not done on a machine that's off our network. I cannot access my admin privileges because the machine is not on a domain and is not simply locked with Windows. Further, the admin account is disabled/missing; to be honest I'm not sure how. I had hoped to do a quick reboot from a floppy because it's fast.

We suspect that we have someone who is sending company job files to another company. If so, this would make the second person doing such. One of our employees left this company to start another company and he had friends. We dare not point out anyone without proof or fire anyone without knowing we have the correct person; especially when this person has been with the company most of its existence.

To get that proof I think the hardware key logger would be a good option to get the password etc., then log in, but not any good for the longer term. Also, we are keeping a copy of all emails. The other option is to disclose our suspicions and have him turn in the computer the next time he comes into the office; which we will do if we must. Being a small company based on trust, it's the last option short of firing, which the owner will not do without proof. Now you see the sensitive dilemma here. We do have every right and policy, but....