As a security professional, I must comment......
I think that it is wonderful that "Junior SysAdmin" was responsible for
this system. What I find unfortunate is that they did not properly
secure the box. What is even *MORE* unfortunate is that the
administration used this as a reason to eliminate Linux. What they
should have done is use this as a teaching tool to educate people on:
1) how to discover a crack
2) how to trace the culprits
3) how to recover from a crack and
4) how to properly secure a system
By eliminating Linux, they have effectivly eliminated the potential for
education on these things. By putting NT, or worse, W2K, in it's place,
they have opened up a whole host of other vulnerabilities. For example,
if they don't understand NT security, they they probably don't know that
by default, NT has "Administrative Shares" enabled. This means that even
though you think that file sharing is not enabled, it really is. C$,
IPC$. and Admin$ are shares, and a side benefit of this, there is a
"Feature" that allows you to connect to these shares using a null
username. But it "is completely secure because it only allows you read
access" (Microsoft spokesperson) to the entire C:\ drive. That means
that you can't write to it, but you can read the .SAM file, copy it onto
your system, run it through l0pht crack, and have complete remote
administration of the system, and most likely the entire domain.
I would love to sit down with the people at universities who make these
decisions and explain to them that their decision to use Microsoft
products is detrimental to the security of their network. And, a
compromised network means lawsuits, bad publicity, and all of the things
that they attribute to the use of Linux.
Kenny
Mjo wrote:
> KSC has traditionally had a Linux server that held student accounts for mail
> and web pages. "Junior Sys Admin" was an independent study for running this
> box. This summer it was used by a couple of people to break into places such as
> Bell Atlantic. The college administration has in absolutely no uncertain terms
> decreed that we may only have a Linux box if it is NOT attached to the outside
> world. This is unfortunately not up for any debate. Linux in a vacum makes
> very little practical sense, but that's what we have to work with. Because
> this makes the "Junior Sys Admin" role almost entirely moot, it will be
> WONDERFUL to keep Linux possibilities here through the LUG.
--
Kenny Lussier
Systems Administrator
Mission Critical Linux
***********************************************************
Life is a lesson, you learn it at the end
Reality has become increasingly less accurate
***********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
