Re: sysadmin won't allow linux - PLEASE HELP
hi ya
i donno for sure....
but i would suspect getting into an NT or windows box and
sniffing from there would be easier than getting into a patched
linux box .... and havign somebody sniff passwd
rememboer all theose widnows box are basically "root" anyway
( okay...administrator ) and those users can isntall those
sniffers tooo as can those from the outside...
if the outside world can come into local PC machines...they've
got a major firewall issue...
=====================
==
== if they are running stuff that has cleartext passwds...
== they cannot use the argument that they are security concious...
==
=====================
- if they claim security is an issue... even if they running
cleartext passwd ( ftp, pop, telnet ... )
then i'd be heading out the door at that point...
- those insecure stuff should be on a insecure network...
sniff it all they like... give um root on a linux box...
but no other damage will occur to the rest of the LAN
===
=== windoze boxes and linux boxes must be "hardened"...
=== if not...both are equally susceptable to any kind of additional
=== attacks locally or to the outside Bank-of-Arctic-Circle NTSA
===
c ya
alvin
On Wed, 11 Jul 2001, Jason Healy wrote:
> At 994884618s since epoch (07/11/01 15:50:18 -0400 UTC), Brian Stults wrote:
> > and 2) they want to know that I am conscious of security issues. If
> > anyone has any suggestions for the kinds of things to stress, I would be
> > happy to hear them.
>
> Our IT department was wary (though not afraid) of linux users, because
> once you've rooted a linux box, password sniffing is only a short
> distance away. However, with all those fun windoze tools out there,
> taking over windows machines is just as easy, and just as devastating
> for the network.
>
> Emphasize that you're probably safer running linux than windows. You
> won't be using Outlook (a major plus <g>), and you actually know how
> to secure a linux machine. You won't be running a public webserver,
> etc, etc. Offer to let them try to hack your box... =)
>
> > Here is one concern of theirs, though, that I don't understand. They
> > said one problem with linux is that it will trick their network into
> > thinking that my linux box is the main server, thus bringing down a
> > system of over 2000 users.
>
> They might be referring to using Samba and setting it up as a domain
> master. This is stupid, because a) it doesn't come configured that
> way, and b) any organization worth its salt will run a backup domain
> controller to ensure that nobody can hijack control of the domain (for
> a while, all Win 95 boxes were factory set to try to elect themselves
> as the browse master for a domain, so they should have solved this
> problem anyway).
>
> They might also be referring to other misconfigurations... since linux
> lets you tweak so much, it is possible to make dumb mistakes (I once
> advertised myself as the shortest path to all appletalk devices. You
> can imagine the warm reception I got from IT on that one when all the
> printers fell into a Black Hole of Routing.)
>
> While linux makes this stuff possible, it doesn't mean that you're
> automatically going to do it. Also, it is possible to do some of this
> stuff even if you have windows, so it's not really fair to assume that
> you'll do anything wrong (is this 'OS profiling'?). If they're
> assuming that you're malicious, then that's their problem; if you
> really want to screw the network you can do it hundreds of ways
> without needing linux.
>
> Just talk to them and try to show that you have a clue (but aren't
> pompous), and if they have any sense they'll warm up to you. My
> college's IT department was cold and unfriendly, until you get to know
> them. After some friendly chats, they'll let you do whatever you want.
>
> Jason
> --
> Jason Healy | jhealy@logn.net
> LogN Systems | http://www.logn.net/
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: