Vulnerability Development mailing list archives
Re: the microsoft hack & windows 2000
From: Elliott Abraham <ElliottA () MAIL CTA HA OSD MIL>
Date: Tue, 31 Oct 2000 08:25:38 -0500
A great example of splitting "admin" or "root" rights is the Sidewinder firewall from Secure Computing. It has two modes of operation, Operational or SW-OPS and Administrative or SW-Admin(i think). The cool thing about their type enforcement technology is that when in one mode you are limited to what you need to admin the box which is found in the other mode. When you boot to Admin mode, your internet connections are closed(ain't it cool :) As far as Win2k goes, Group Policies have given us as admins a powerful new tool to assist with the tedium of network administration and the strength of policies to make it all secure. Microsoft has done in my opinion a great job with this product. Elliott -----Original Message----- From: Masial [mailto:masial () SECURED ORG] Sent: Monday, October 30, 2000 2:14 AM To: VULN-DEV () SECURITYFOCUS COM Subject: the microsoft hack & windows 2000 Hi list, I was reading this peice on /. about the MS hack and it got me thinking that microsoft might be right on something. <SNIP> "How about how someone who had the ability to create accounts on the network, if the incident only did last a week as the article implied, could only perhaps have a 'brief glimpse of the source code.' I don't know about you, but even on a 2400 baud modem, I think I could probably download more than a glimpse." </SNIP> Now I was saying to myself, well this guy is thinking NT. But in windows 2000, you can have a user thats able to create accounts in a certain scope while having absolutely no rights on the source safe servers. Is it possible that Windows2000 will bring new shades in accounts hacking? How do you get out of a partial-admin account? Where can you elevate your privileges? In light of the new Active Directory, you might have an account with the ability to change propreties A,B and C of an object while having a permission denided on some other. My real question here is, is that just security trough obscurity? Obsfucate your enemy. Or is it possible that splitting up the admin's rights prove helpfull to the security of Win2000 based networks? food for tought M.
Current thread:
- the microsoft hack & windows 2000 Masial (Oct 31)
- Re: the microsoft hack & windows 2000 Lincoln Yeoh (Nov 01)
- <Possible follow-ups>
- Re: the microsoft hack & windows 2000 Elliott Abraham (Nov 01)