Re: the case of a stolen notebook

To: Rauno Linnam?e <raunzz@delfar.ee>, debian-security@lists.debian.org
Subject: Re: the case of a stolen notebook
From: xbud <xbud@g0thead.com>
Date: Wed, 29 May 2002 05:19:08 -0500
Message-id: <[🔎] 2M08-.A.5UC.dZV98@murphy>
Reply-to: xbud@g0thead.com
In-reply-to: <[🔎] 20020530003805.A15468@delfar.ee>
References: <[🔎] 20020529191651.A13974@delfar.ee> <[🔎] B78ZOB.A.WXD.j6T98@murphy> <[🔎] 20020530003805.A15468@delfar.ee>

On Wednesday 29 May 2002 04:38 pm, Rauno Linnam?e wrote:
> On Wed, May 29, 2002 at 03:37:50AM -0500, xbud wrote:
> > On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote:
> > > Hello,
> > >
> > > We are running a Debian (potato) box with Samba as PDC for user
> > > authentication and file server for W2k LAN clients. Recently one of our
> > > notebooks was stolen. As I can identify all the users who have ever
> > > logged in via that notebook, and may have their samba password stored
> > > on the machine, I revoked all these passwords.
> > >
> > > Can any of you think of any other steps I should take to minimise the
> > > risk of some black-hat abusing the information stored by W2k against
> > > our server/network?
> >
> > This is no way to think if you're a security geek, but if you want to
> > make yourself feel better the person who stole your notebook is a mere
> > theif and is incapable of using any information other than
> > credit/financial information that can lead again to more theft.
>
> I am quite aware of that. In fact, I was rather thinking about the
> consecutive owner/purchaser of the stolen hardware who might have some
> knowledge about computer security.
>
> > On the other hand, purge the users' login's make a significant change to
> > the username converntion since he/she knows what you currently use and
> > can use this to his/her advantage for later brute force attacks.
>
> The username can also often be guessed from e-mail addresses. Besides, I do
> employ a "strong" password policy, and several IDS-s, thus brute-forcing
> would not be of primary concern.
>
Brute force attacks can be evasive unders circumstances a patient one may try 
one password per day for several months in an automated fashion.  ( what are 
the odds eh?)
IDS's ?  If you have any ssl enabled webservers allowing users to check email 
remotely or login through say 'mindterm' to an internal machine etc...  Will 
the ids catch that too ? ( you willing to monitor after decryption has 
occured at the OS side ? ) 

> > He also knows your internal address space information (ie your Internal
> > ip addresses are now 'public),of course that is a significant network
> > change if your dealing with several thousand hosts.
>
> All internal addresses are in the 192.168.x.x address space, thus this is
> not highly sensitive information, is it?
>
This depends on you, evidently you're paranoid or you wouldn't be posting 
here :), why give out any information regarding your network when it's 
unnecessary ?
But I agree under these circumstances not highly sensitive.

> > -----------------------
> > Orlando Padilla
> > xbud@g0thead.com
> > "I only drink to make other people interesting"
> > www.g0thead.com/xbud.asc
> > -----------------------
>
> Many thanks,
>
> Rauno


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- the case of a stolen notebook
  - From: Rauno "Linnamäe" <raunzz@delfar.ee>
- Re: the case of a stolen notebook
  - From: xbud <xbud@g0thead.com>
- Re: the case of a stolen notebook
  - From: Rauno Linnam?e <raunzz@delfar.ee>

Prev by Date: Re: the case of a stolen notebook
Next by Date: Re: ssh authentication configuration? => better use OTP method
Previous by thread: Re: the case of a stolen notebook
Next by thread: Configuration problems with pam_smb, mod_auth_pam
Index(es):
- Date
- Thread