[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: the case of a stolen notebook

On Wed, May 29, 2002 at 03:37:50AM -0500, xbud wrote:
> On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote:
> > Hello,
> >
> > We are running a Debian (potato) box with Samba as PDC for user
> > authentication and file server for W2k LAN clients. Recently one of our
> > notebooks was stolen. As I can identify all the users who have ever logged
> > in via that notebook, and may have their samba password stored on the
> > machine, I revoked all these passwords.
> >
> > Can any of you think of any other steps I should take to minimise the risk
> > of some black-hat abusing the information stored by W2k against our
> > server/network?
> This is no way to think if you're a security geek, but if you want to make 
> yourself feel better the person who stole your notebook is a mere theif and 
> is incapable of using any information other than credit/financial information 
> that can lead again to more theft.
I am quite aware of that. In fact, I was rather thinking about the consecutive owner/purchaser of the stolen hardware who might have some knowledge about computer security.
> On the other hand, purge the users' login's make a significant change to the 
> username converntion since he/she knows what you currently use and can use 
> this to his/her advantage for later brute force attacks.
The username can also often be guessed from e-mail addresses. Besides, I do employ a "strong" password policy, and several IDS-s, thus brute-forcing would not be of primary concern.

> He also knows your internal address space information (ie your Internal ip 
> addresses are now 'public),of course that is a significant network change if 
> your dealing with several thousand hosts.

All internal addresses are in the 192.168.x.x address space, thus this is not highly sensitive information, is it?

> -----------------------
> Orlando Padilla
> xbud@g0thead.com
> "I only drink to make other people interesting"
> www.g0thead.com/xbud.asc
> -----------------------

Many thanks,


Attachment: pgptNzQrkPJcR.pgp
Description: PGP signature

Reply to: