[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: the case of a stolen notebook

On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote:
> Hello,
> We are running a Debian (potato) box with Samba as PDC for user
> authentication and file server for W2k LAN clients. Recently one of our
> notebooks was stolen. As I can identify all the users who have ever logged
> in via that notebook, and may have their samba password stored on the
> machine, I revoked all these passwords.
> Can any of you think of any other steps I should take to minimise the risk
> of some black-hat abusing the information stored by W2k against our
> server/network?
This is no way to think if you're a security geek, but if you want to make 
yourself feel better the person who stole your notebook is a mere theif and 
is incapable of using any information other than credit/financial information 
that can lead again to more theft.

On the other hand, purge the users' login's make a significant change to the 
username converntion since he/she knows what you currently use and can use 
this to his/her advantage for later brute force attacks.

He also knows your internal address space information (ie your Internal ip 
addresses are now 'public),of course that is a significant network change if 
your dealing with several thousand hosts.

> Regards,
> Rauno

Orlando Padilla
"I only drink to make other people interesting"

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: