Penetration Testing mailing list archives
Re: password auditing
From: Tracy Reed <treed () ultraviolet org>
Date: Tue, 17 Nov 2009 10:52:46 -0800
On Tue, Nov 17, 2009 at 08:59:29AM -0600, Harris, Michael C. spake thusly:
> Make sure you have permission from the highest possible source: ISO, CIO, chairman of the board; the higher the better.
Probably a good idea. Especially in a big corporation, where things can easily get out of control when the lawyers get their hands on things. Learn the lesson of poor Randal Schwartz and his felony convictions due to his work with Intel. In a smaller company (such as mine) I wouldn't worry so much.
> Do not use a networked box, period. Do it off line, and in a locked room. Lock the console whenever the auditor does not have eyes on
Might be a bit overkill but ok... Seems like all of the servers should be in a locked room anyway.
> Lastly, be sure to at least 3x over write the drive with random pattern after the audit is complete too.
This has not been necessary for years and we really need to put an end to this sort of cargo-cult security.

http://blogs.sans.org/computer-forensics/2009/01/15/overwriting-hard-drive-data/

And some analysis of modern techniques for recovering data and their effectiveness:

https://blogs.sans.org/computer-forensics/2009/01/28/spin-stand-microscopy-of-hard-disk-data/

Executive summary: Data overwritten once is unrecoverable on any drive made in the last 10 years. So do a single write pass from /dev/random on working drives.

For non-functional drives, or where overwriting is not possible, drilling holes is very sufficient for any business and personal data. I recently used a 1/4" cobalt tip drill bit in my bench press on a dozen failed drives containing sensitive information and then pitched them to the recyclers.

For top secret data wanted by an enemy with unlimited resources, where you could not overwrite the data just once, recovery via Spin Stand Microscopy from undamaged areas of the platter is possible at great expense and weeks of constant work. Shattering the platter makes this technique much harder, rendering perhaps 80% of the data unrecoverable. You are still best off with a cheap one-time write of the whole drive.

And as far as data recovery from failed drives goes, this is rather amusing:

http://blogs.sans.org/computer-forensics/2009/09/30/the-failed-hard-drive-the-toaster-oven-and-a-little-faith/

--
Tracy Reed
http://tracyreed.org
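The single-pass overwrite Tracy recommends, as an added example that is not part of the original post: one pass of random data over the whole target, followed by a cheap check that a marker you planted beforehand (for instance a string from the password hash file) no longer appears anywhere on it. The script takes any path, so it can be rehearsed on an image file before being pointed at a real block device as root; blockdev is assumed to be available on Linux for sizing a real device. It draws from /dev/urandom rather than /dev/random only so the pass never blocks waiting for entropy; the output is equally fine for overwriting.

```shell
#!/bin/sh
# Added example (not from the list post): one random overwrite pass plus a
# verification sample. Rehearse on an image file, then run as root against the
# real device, e.g.:  wipe_once /dev/sdX && verify_wiped /dev/sdX 'known-string'
set -eu

# Size in bytes of a block device (Linux blockdev, assumed present) or a file.
target_size() {
  if [ -b "$1" ]; then
    blockdev --getsize64 "$1"
  else
    wc -c < "$1" | tr -d ' '
  fi
}

# Build a throwaway image filled with a repeated marker string so the wipe can
# be rehearsed and checked. Constructed test data only; never run on a device.
make_test_image() {
  file="$1"; marker="$2"; size="$3"
  yes "$marker" | head -c "$size" > "$file"
}

# One full pass of random data over the target, in place (no truncation, so a
# regular file keeps its length exactly as a block device would).
wipe_once() {
  target="$1"
  size=$(target_size "$target")
  head -c "$size" /dev/urandom | dd of="$target" bs=1048576 conv=notrunc 2>/dev/null
  sync
}

# Returns 0 only if the marker is gone from every byte of the target and the
# first sector is not still all zeros (a sign that nothing was written at all).
verify_wiped() {
  target="$1"; marker="$2"
  if grep -q -a -F "$marker" "$target"; then
    echo "verify: marker still present on $target" >&2
    return 1
  fi
  if [ "$(head -c 512 "$target" | tr -d '\000' | wc -c | tr -d ' ')" -eq 0 ]; then
    echo "verify: first sector of $target is all zeros" >&2
    return 1
  fi
  return 0
}
```

The marker check is a plausibility test, not proof: it confirms the pass actually reached the medium and did not skip the region you care about, which is the failure mode a wrong target path or an aborted dd actually produces. Keep the planted string long and unusual enough that it cannot occur by chance in random output.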
Current thread:
- password auditing Derek Robson (Nov 17)
- Re: password auditing James Bensley (Nov 17)
- RE: password auditing McGhee, Eddie (Nov 17)
- Re: password auditing Kevin L. Shaw, CISSP, GCIH (Nov 17)
- RE: password auditing Harris, Michael C. (Nov 17)
- Re: password auditing Tracy Reed (Nov 17)
- RE: password auditing John Perea (Nov 17)
- Re: password auditing Robert Portvliet (Nov 17)
- Re: password auditing Robert Portvliet (Nov 17)
- Re: password auditing Robert Portvliet (Nov 17)
- RE: password auditing Bakshi, Narinder (FIN) (Nov 17)
- Re: password auditing Meta Junkie (Nov 17)
- Re: password auditing Ross Del Duca (Nov 17)
- Re: password auditing Haris Pilton (Nov 17)
- Re: password auditing R. DuFresne (Nov 17)
- Re: password auditing Derek Robson (Nov 17)