On Wed, May 29, 2002 at 03:37:50AM -0500, xbud wrote: > On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote: > > Hello, > > > > We are running a Debian (potato) box with Samba as PDC for user > > authentication and file server for W2k LAN clients. Recently one of our > > notebooks was stolen. As I can identify all the users who have ever logged > > in via that notebook, and may have their samba password stored on the > > machine, I revoked all these passwords. > > > > Can any of you think of any other steps I should take to minimise the risk > > of some black-hat abusing the information stored by W2k against our > > server/network? > This is no way to think if you're a security geek, but if you want to make > yourself feel better the person who stole your notebook is a mere theif and > is incapable of using any information other than credit/financial information > that can lead again to more theft. I am quite aware of that. In fact, I was rather thinking about the consecutive owner/purchaser of the stolen hardware who might have some knowledge about computer security. > > On the other hand, purge the users' login's make a significant change to the > username converntion since he/she knows what you currently use and can use > this to his/her advantage for later brute force attacks. > The username can also often be guessed from e-mail addresses. Besides, I do employ a "strong" password policy, and several IDS-s, thus brute-forcing would not be of primary concern. > He also knows your internal address space information (ie your Internal ip > addresses are now 'public),of course that is a significant network change if > your dealing with several thousand hosts. > All internal addresses are in the 192.168.x.x address space, thus this is not highly sensitive information, is it? > ----------------------- > Orlando Padilla > xbud@g0thead.com > "I only drink to make other people interesting" > www.g0thead.com/xbud.asc > ----------------------- Many thanks, Rauno
Attachment:
pgpjCLL3oInt0.pgp
Description: PGP signature