Penetration Testing mailing list archives
RE: Testing two bank laptops. winxp vpn client
From: "jeremiah" <jeremiah () nur net>
Date: Sun, 12 Feb 2006 11:42:40 -0800
Disable cached credentials via a domain Group Policy Object. The best way to do this is by creating a container group for the laptop machine accounts in the domain. Caveats? The user will have to login via a RAS connection. The other alternative is two-factor auth, which will allow safe use of cached creds. "To turn off cached credentials, use a Group Policy Object (GPO) to set the number of cached credentials to zero. Users can still log on using local user accounts, but in most environments, it's unusual for users to have local user accounts on their clients. You might consider changing the cached credential setting only for desktop computers, as laptop users may have a legitimate need to log on when they can't contact a DC." http://www.mcpmag.com/columns/print.asp?EditorialsID=658 More here: http://www.windowsecurity.com/articles/Implementing-Troubleshooting-Account- Lockout.html http://www.windowsdevcenter.com/pub/a/windows/2004/05/18/ug_caching.html http://www.windowsdevcenter.com/pub/a/windows/2004/05/18/ug_caching.html
-----Original Message----- From: Bob WIlliams [mailto:sopiaz57 () gmail com] Sent: Sunday, February 12, 2006 9:34 AM To: pen-test () securityfocus com Subject: Testing two bank laptops. winxp vpn client Hey All, I have a client who wants two bank laptops tested. I want to do some reasearch on a fix for a problem I know they are vulnerable too. They use the WIN xp VPN client which saves the password, giving someone who steals the laptop an easy way into the corporate network. Does anyone know how I can disable this feature so employees cant save the password? Thanks in advance// -------------------------------------------------------------------------- ---- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------- -----
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Testing two bank laptops. winxp vpn client Bob WIlliams (Feb 12)
- Re: Testing two bank laptops. winxp vpn client Thor (Hammer of God) (Feb 12)
- Re: Testing two bank laptops. winxp vpn client Rony Romero (Feb 13)
- Re: Testing two bank laptops. winxp vpn client Skip Carter (Feb 24)
- Re: Testing two bank laptops. winxp vpn client Rony Romero (Feb 13)
- RE: Testing two bank laptops. winxp vpn client jeremiah (Feb 12)
- Re: Testing two bank laptops. winxp vpn client Thor (Hammer of God) (Feb 12)
- Re: Testing two bank laptops. winxp vpn client lion nagar (Feb 12)
- Re: Testing two bank laptops. winxp vpn client Thor (Hammer of God) (Feb 12)