Impact on how to keep a blueprint of my Ad structure, network structure on servers

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
 - 1
 - norton anti-virus can anyone help me move norton anti-virus from a file in kazaa lite to where I need to have it for it's proper use? thanks Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37643
 - 2
 - Webpage dialed my modem to ? A German *webpage* dialed out over my modem, when I clicked that I was 18 years old (18 Jarhen). It also put a new Icon on my desktop. I'm worried I'm going to have a $100 charge on my phone bill for 20 seconds of a call to God-Knows-Where. I knew email trojans could do this, but the webpage attack was a surprise. I am on DSL. The modem was just there for a backup, if/when the DSL line is down. Is there an option that would give me a prompt before a webpage does this again, or block modem calls that do not come from me? I already had the: Network and Dialup Connections > Advanced > Dialup Preferences set to "always ask me before autodialing" -but it did it anyway. I found a new New Connection Icon. The number it called was: 0112463531444 WIN2000 IE6.0 ZoneAlarm Norton Anti-Virus Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37632
 - 3
 - Dwn.Updates I have an windows up-date to dwn.load and install which is 5.2 mgz and 30 mintue dwn.load time. I have a slow processor and dial up isp.when I go to install the up-date I get disconnected. Is their a way I could install half now and half later. I have windows me.I/E6.0. Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37625
 - 4
 - Security update I keep getting this security update #823559 once or twice a week. Is this the same update that I keep downloading over and over or not? If so,why do they keep sending it to me? Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37623
 - 5
 - PGP Signed MS security bulletins...fail I received two MS security bulletins on 10/15 both with the subject: Microsoft Exchange Server Security Bulletin Summary for October 2003 One talked about an exchange patch, the other talked about MS03-41 through MS03-45. The information they provided looked legitimate, but **Both** failed PGP verification with Microsoft's key. Ire-downloaded the key with same results. Thumbprint matched so that was expected. I went to technet and found the Oct. article through technet (as if I'd never seen the email) and went and got the patches OK, but did so with due skepticism along the way. Did anyone else have this happen? -- Jim (for e-mail replace invalid with com) "Remember, an amateur built the Ark; professionals built the Titanic." Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37622
 - 6
 - Bogus Microsoft Updates I posted on the Microsoft OneNote newsgroup a few hours ago. I used my email address instead of leaving it anonymous. I have suddenly recieved two bogus emails regarding Windows updates. Silly me. How was I so naive to not know that the villians of the world monitor the newsgroups. beware all. David Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37621
 - 7
 - Lock Violation What is a lock violation? How do I uninstall or install when I keep getting a lock violation message? How do I unlock?? Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37620
 - 8
 - help someone please since some relatives of mine came to visit and used my computer, my home page has been set to luckysearch.com, globe-search.cc or icansearch.net, i have changed it in my registry back to my original homepage but everytime i change this, something is changing it back, does anyone know if there is a maliscous program going about that virus checkers don't recognise or microsoft security updates don't resolve. if someone could help me it would be a great help Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37615
 - 9
 - using my email address to send spam Hi there, Below is a spam letter i got but their usinng MY EMAIL ADDRESS IVE HAD ABOUT 18MONTHS. Hoe can they do this and what about the legality of it. Bob. >From: bobburns43@hotmail.com >Date: 18 Oct 2003 01:40:09 -0700 > ><html><center>225u3105o10307j65652454sc4z 0x48m2316121gz1m4l050705258 str4 $ >You wouldn't pass up an extra $1,000.00 a year... Would you? > We do the work for you. By subrnitting your information across to hundreds of Ienders, we can get you the best interest rates around. str5$ Imterest rates are lower than they have been in over 40 years, but it won't stay that way for long. Our simple form only takes a few moments, there is absolutly NO OBLlGATlON, and it's 100% FREE. You have nothing to lose, and everything to gain. <a href="strurl$cgi- bin/affiliates/clickthru.cgi?id=mail01">str3 $</a> 3438a10126uw2915qr7qy7wn63 i k8v8hd14e3pkb3779tjr625037c 6z93twg7f5p174313m60225u3105o10307j65652454sc4z0x 48m23 >str6$, <a href="strurl$gone/">un s ubscr11be</a>. Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37614
 - 10
 - Win2K3 Enterprise Server Checked + Debug Updates Hey, I have a checked (etc) version of Win server 2003, I am unable to install any updates, this would be no problem appart from the current situation with the blaster virus, Is there anywhere which i can go to get update's that will install or can i change a setting so that it will accept the updates? Many thanks in advance Richard. Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37613
 - 11
 - Password Protect? My brother keeps getting in and deleting my files. Can anyone tell me how to password protect my files or folders? thanks! Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37600
 - 12
 - Error when loading 2003 Norton Internet Security I get the following run time error after loading 2003 Norton Internet Secuirty Program C:\Program Files\Common Files\Symantec Shared\ccApp.exe R6025 -pure virtual function call I am running Windows XP Professional and am trying to install a Linksys wireless router Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37599
 - 13
 - Pop Ups: This is only my experience and I do not want take away from all of the other posts that give out free program info to get rid of pop ups. 3 1/2 weeks ago I installed Internet Security from Norton (2004)version. Since that time I have not had 1 pop up(I'm not kidding) anywhere and I do surf a lot with cable. I tried some other programs before (free) and they helped somewhat but still very frustrating. It also learns you spam habits and will put them in a spam folder or do whatever you want. All I will say is if you are looking for pop ups to go away this is the program not to mention the firewall,anti- virus,anti-spam and more. No I don't work for Norton but this program is great! Costco $58.00 with $30.00 upgrade rebate. Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37593
 - 14
 - Auto dial out Computer dials out automatically on seemingly random basis. Seems to use Acord32. Why? Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37590
 - 15
 - Microsoft updates & patches I'm not sure, but I think I may be a victim of what David Barnard wrote about. I thought I was setting up automatic updates from Microsoft. Now I get dozens of emails every day from Microsoft Corporation, MS Corporation, subject: patch update, bug,...etc. They completely clog my email because they are large files. I put the settings on my computer so as not to receive automatic updates, but they continue. How do I stop this???? Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37587
 - 16
 - Get email about new security updates! In the aftermath of swen (some of us are still dealing with it) I was stunned to read this on the Microsoft homepage: "Stay Secure - Get email about new security updates". This is targeted at home users (the same home users who, in their thousands, clicked on that wonderful attachment courtesy of swen). Now, does this sound like Trustworthy Computing? There is, admittedly, a separate page explaining how to tell whether an email came from Microsoft or not, but this is beside the point. People are confused enough already. Providing a quick fix is no solution - this just opens the door for more swen variants, claiming to be sent because YOU subscribed for it, and with no attachment (Microsoft will NEVER send you an attachment. Click on <fakeurl> instead). Does anyone care to attempt to reconcile this irresponsible action with Microsoft's public stance on security? David Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37577
 - 17
 - none none -- Posted via http://dbforums.com Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37569
 - 18
 - Microsoft Windows Update Site Broken in IE6 I am the admin for several NT4 workstations. The Windows Update site (which had previously been working, and only works in IE) seems to have been broken with the new method of releasing patches (the October patches). The website shows "No updates of this type are available at this time." under the section "critical updates and service packs." Because the workstation had not been patched with the latest updates it should have shown: KB824141 KB828035 KB823182 KB825119 Good job, you guys at Microsoft. Keep up the good work -- breaking two things for every one you fix! --Douglas Mayne Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37566
 - 19
 - Digital ID without email address Hi! Sorry aboy cross posting, but I just saw this group so... If I want to use Digital ID which does not contain email address to sign emails how can I do that in Outlook 2003. I know it should be possible, but what I should do excatly? Cheers, Mikko Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37557
 - 20
 - WINS ADMIN delegation Can someone tell me the best approach to delegating WINS admin to my network team. We recently migrated our WINS from UNIX servers to our AD DC's. We do not want to add them to any unnecessary high level groups (e. g. server operator or DA) to do this delegation. Please advise. Thank you Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37556
 - 21
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.10.17 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37554
 - 22
 - Malicious Hacker Activity OK malicious hackers you have pissed ,me off. deal with it. This babe is going to expose your hacking activites, and I'm going to hit ya hard, Tracker Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37548
 - 23
 - pop ups I continue to get more pop ups and it makes my newer computer non-function when I am on the web....any idea how I can stop all pop ups...bought and downloaded software to stop it and it does not seem to help...is there some ways on my computer control panel that I can stop these disturbances Thanks Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37544
 - 24
 - Security Hotfix blue screened my duel proc. NT box Last weekend, during an upgrade, I took advantage of the downtime to upgrade some member servers, get those security patches all up to date. One box, which I recently added a 2nd processor too, NT 4 SP6a, IIS 4 blue screened after one of the updates (no, I don't remember which, and didn't write it down - within a few months though). I was able to fix the box by booting into another NT config (the one created when I added the processor) and copy back the system files the patch backed up. Here is my question, it would appear security hotfix was not for a second processor, and replaced system files incorrectly. I scoured MS site tonight, and found no mention of different patches for different kernels. Am I on the right track or did I just have a blowup after a patch? Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37534
 - 25
 - New security bulletin format: Where's the 'will be included in...' information? Always appreciate new-and-improved-ness, but there is one very important piece of information left out of the new security bulletins that would be most helpful to have back in. Previous bulletins would tell you explicitly in what future service pack the hotfix would be included (if it was going to be included in a service pack). If we know a hotfix was to be included in a future service pack, we may hold off for the service pack; we would only deploy the hotfix if necessary. This lets us be a bit more deliberate about which hotfixes we deploy. We also keep track of which service pack the hotfix was included, so we can do periodic audits of our security bulletin database. Many times we find that a critical hotfix is now moot as a subsequent service pack has 'fixed' the issue. Microsoft, can you please add this 'feature' back in? Or at least give us a quick way to determine which service packs (or security roll-ups) take care of which security issues besides having to sift through service pack release notes? Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37532
- Next
 - 1
 - mssecure.xml does not check for latest patches Hfnetchk and mbsa (with the latest mssecure.xml) do not scan for the Oct 15th patches on NT 4SP6a workstation even though the bulletins say they are required. Same thing with windowsupdate.com. Is this a mistake or is MS no longer supporting scanning for hotfixes on NT workstation? Thanks Matt _______________________________________________________________________________ Posted Via Uncensored-News.Com - Accounts Starting At $6.95 - http://www.uncensored-news.com <><><><><><><> The Worlds Uncensored News Source <><><><><><><><> Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37529
 - 2
 - Newest Security Bulletins MS03-041/047 Hi, If I open the latest security bulletins MS03-041/047 by clicking one from http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp I can see the Print icon in the top right hand corner. If I click on it to print I get a box that says The attempt to print failed. Please use your browsers default print services. This is not the case with previous bulletins. Why is this failing now? Thanks Chris Wood Alberta Department of Energy CANADA Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37522
 - 3
 - Patching according to KB828489 when Exchange and OWA are not on the same server??? Hi All From what I understand the patch for OWA 5.5 described in KB 828489 affects both Exchange Server and IIS.... now in my case the OWA 5.5 service is not on the same server where Exchange 5.5 is. Question 1) Should I apply the same patch on both servers or only on the one where OWA is? 2) Is patch going to do its job or was it conceived to work on a single box (Exchange and OWA on the same box). Thank you for your help!!! Theo Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37521
 - 4
 - jig.ms.smv virus Gotz to be wack when it ain't all dat. I be sayin' like yo foo, cool chill like no otha, criznap. Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37518
 - 5
 - Respond To Review Four Remember, we?re talking about Windows 95,98 and ME Platforms and my book was written for basic home computer users only. It?s has since grown into a book which will help three levels of computer Windows users. The following is from a reviewer with the nick name of "Jack" Part 1: Throughout the document, there area number of sentences that make absolutely no sense whatsoever. An few examples: "The time seemed like forever, with no end; On the technical side, there is no mention of the time between the request to close the account(s) and the time it was discovered that the logins had not been disabled. This may indeed display poor housekeeping on the part of the ISP but does not provide evidence that this method is being used by "hackers" to access others systems. ME: I?m not going to be honest about how long the ISP dial-up access was truly used, but a guideline could be two months. Read Review 3 for the response provided. The three separate ISP e-mail accounts were closed months prior, but I was still able to access them through dial-up. Even if it was poor housekeeping on an ISP?s part, the point is, hackers are using your canceled account Cable/DSL dial-up access and this should tell the world how hackers are accessing the Internet for free. AT&T and Qwest provided 20 free hours of dial-up at the time of writing my book, but we used the same 20 hours, plus, each month. Hackers can then set-up a Dial-up Server on a victims computer and use pre-paid phone time. Or the hacker can set-up an ISPs Primary and Secondary DNS IP addresses and just connect using their own modem and your canceled Cable/DSL dial-up accounts. The method used to calculate the potential loss to the ISP(s) was " Estimated the above by the amount of attacks our compromised computers were receiving on a daily, weekly and monthly basis." According to the text, these attacks numbered 50,000 in a month. This equates out to roughly one "attack" per minute just on the compromised machines. There is no mention of what constituted an attack nor how it was determined that all of these attacks came from closed or hacked accounts. ME: There were two different computers online at any given time. Zone Alarm and Blackice Defender logs listed a number of attacks and we also calculated the Blackice firewall logs which was owned by the hackers, hidden in a Folder. You have to remember, "The Trackers" were a six member crew and we had at least one computer up almost 24/7. We never could understand how the ferret owners never figured out how one person, "ME", could be online 24/7 and not notice this. They would go to bed and the computer would be online, they would wake up and the computer was still online and someone was actively using the Internet. DAMN! "Malicious hackers aren?t going to use their own computers to scan any system, network or server for open ports". I know some secrets around this, but they won?t ever be shared with any one. About 90% or so of firewall log evidence will come from innocent victims computers and some of these computers are only misconfigured. How does this babe know this, it?s because I?ve contacted nearly a thousand of the owners of these IP addresses listed in my firewall logs and either they had no idea what the fuck I was talking about, they didn?t know their computer had open ports or they didn?t even know what an open port was. Their IP address was port scanned and it revealed to me their computers with either open ports, Trojan Horses or Backdoors. The discussion in the paragraph revolves around potential lost revenue and does not address the methods used to gain the access to the accounts nor does it indicate methods to minimize the risk (i.e.strong passwords). ME: Will assume your talking about the two million dollar articles. I?m not totally sure how to address this, but will try. Most individuals on a Windows Platform don?t know they need to disable any services, especially file and print sharing. If a Windows Platform owner doesn?t disable these services then any one in the world can view what is on their hard drive, install a Backdoor, Trojan Horse or Virtual Private Network. (an elite hackers secret) Passwords don?t mean shit because many applications expose clear text passwords directly on your hard drive. I have a listing of the applications which expose clear text passwords, but if you want to know, purchase my e-book. This topic could go on and on forever and it?s not worth my time to address this issue. Purchase my book and the rest of your question shall be answered. Moving on to paragraph B, the paragraph mentions that the "hackers" are "Previous owners are unaware that the general public, or malicious hackers, are using their old account information, and all vital information that only the customer should know and have." The discussion now moves from free access to an account to access to the ISP's database of customer information. This would involve compromising more than just a logon into a dial-up account. ME: I?m not totally understanding your remarks here. See above remarks. We move on the the statement that previous customer would be liable for any wrongdoing on a closed account. A previous customer would have no liability whatsoever for what happens with a closed account. When an account is closed, the ISP would become the responsible party. ME: Many ISP?s don?t give you a confirmation number when they close your accounts besides AOL that I know of. My point is, the malicious hackers, some working for the 1%er Clubbers continue to use these canceled dial-up accounts and it?s not limited to the time limit an ISP provides. Some ISP?s don?t close the dial-up access and these accounts are being abused, revenue given away for free. Just as I did when testing "my" Cable/DSL dial-up accounts which were still accessible to me for as long as my heart desired. But when the law checks the source of an ISPs communications IP and it links to a specific computer, yours, sorry you?re misinformed. The law will knock on the source not the ISP. Since the hacker is using your computer for abusive purposes, the owner of the computer is responsible. Paragraph C indicates that everyone is vulnerable to the dial-up access since the "hackers" already have the email ID and password. Finally a true statement, If your account has been compromised then you are indeed vulnerable to someone using your account without permission. Hence the need to utilize strong passwords and to change them often. ME: Read earlier remarks and I?m only concerned with canceled Cable/DSL dial-up access which is accessible after a person cancels their account. Paragraph D shows a complete misunderstanding of what a MITM attack is and how it operates. In the scenario shown, the MITM attack would have had to compromise the ISP's server and not the computer of the user to block information from the user to the ISP relating to their network. A MITM attack forces a redirect the connection from one computer to the next by re-routing information to the MITM system. MITM attacks, while possible are also very fragile and typically would not be used in an attempt to block email from a user to an ISP. ME: Read in a few hacker books about a MITM and Loky Servers and how they work. God gave me a gift and when I realized my abuse complaints were coming back "mainly" from many "Loky Servers", this expressed that a MITM was involved. Another sign was not receiving responses from Internet Service Providers with a ticket number. This "told me" the hackers had installed a MITM Server and only the hackers were receiving our mail. DUH! Even e-mails to my friends went unnoticed until I called them on the phone and asked them why they didn?t respond to me and their response was, I never received any mail from you. Many ISP?s I contacted didn?t even realize that when you send in an abuse complaint with a MITM that the complaint would go to the hacker first. They advised us to e-mail them any complaint and we advised them of their ignorance. I decided to give up on either Earthlink or Qwest Security Personal and what a shame. Being a basic computer user, they should know a hell of a lot more about MITM then me. The hacker directs my mail to their server, they read what they want and then forward only what they want to. In the paragraph following D (E??), There is a direct contradiction of the statement in paragraph A that number of ISP's were contacted and all held the same policy of allowing unlimited access to closed accounts via dial-up. The un-lettered paragraph states that only AT&T was contacted but all of the other companies provide dial-up access. ME: At the time only AT&T, Earthlink and Qwest were contacted. Earthlink and Qwest were separate companies, then they merged. At some point during the writing of my book, AT&T discontinued their free dial-up access. The remaining ISPs listed were contacted on the phone pertaining to their dial-up access. Three TOP well known ISPs couldn?t or wouldn?t cancel their dial-up access, so how could you expect small ISPs to do the same. "THE SECOND MILLION DOLLAR EXPOSURE" Once again we find nonsensical sentences like: "On unlimited occasions then you could count, while the system was online, it would freeze or lock-up." A system freezing or locking up can be caused by a number of factors including but not limited to OS issues, software or hardware conflicts, hardware problems etc. Making a correlation between a computer locking up and that same computer being compromised is ludicrous to say the least. Other than being an annoyance, locking up a compromised computer does very little for the "hacker" since a locked up computer is useless while it is in that state. ME: I believe the computer freezing up had to do with us changing between DCHP, PPP and dial-up connections and the settings between the different Internet Service Providers. Most basic computer users wouldn?t be changing their set-ups as often as we did. The Second Million Dollar Exposure wasn?t exposed to me until about a year after I discovered my systems were compromised. The test mentioned here merely shows what MS already told her, that is no charge for connections to multiple email addresses. Interestingly, the "test" mentions access to email accounts only. There is no mention if the "other Tracker" was using their ISP to attach to the MS mail server or if they were connecting via a login. Also, I noticed that there were not simultaneous connections to the SAME email account. Either way, if this is how MS wants to bill their customers, it is not evidence of a "hacker" doing anything to the account. It is merely a benefit of an MSN account and nothing more. Currently Compuserve, AOL and a number of other ISP's allow concurrent acess to member accounts in the same household. This is an indicator that more households have multiple computers that need to be online simultaneously and nothing else. ME: The other Tracker had their own MSN account. An ISP account can only track e-mail addresses, the phone number which the account is accessed from. A Tracker was connecting through their own MSN set-up using my main e-mail account e-mail address. Concurrent doesn?t mean the same as simultaneously at the same time. We both used my main email address and one other e-mail address of the nine addresses MSN provides. We connected at the same time one after the other using both my main e-mail address and one of the other eight e-mail addresses MSN provided. We both live in different states and we still were able to use the same e-mail addresses, simultaneously. No extra bill was sent my way, of which I would have paid. Just because "The Trackers" are friends doesn?t mean any one that is given any of my nine e-mail addresses should be able to connect at the same time. This is allowing hackers and 1%er Clubbers to also use these addresses to log onto Microsoft Networks or Servers which is providing free access to eight other people whom I may or may not know. And don?t forget them Dial-up Servers and pre-paid phone cards the criminals are using. DAMN! The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking, Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus, Windows and different types of Servers can be found at: http://geocities.com/secure2003flop Tracker Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37517
 - 6
 - Asp.Net.Vulnerability: Asp.Net buffer overflows (potential security problems) Have anybody tested if the latest RPC vulnerabilities can be executed from an Asp.Net page running in an un-patched server? Since it is possible to make direct Win32 API calls from Asp.Net there is a high change that these vulnerabilities will work. If that is possible, please provide the test code in order for me to add it to our ANSA (Asp.Net Security Analyser, see http://www.gotdotnet.com/Community/Workspaces/Workspace.aspx?id=36ae9a2c-8740-4b52-924e-320edf64fba5) so that system administrators can quickly identify the vulnerable servers and patch them. Note that at the moment there is no 'real' solution to disabling Win32 API calls in IIS 5.0 and IIS 6.0. Which means that if these vulnerabilities exist, then it would be a critical problem, because everybody that hosts .Net websites in shared hosting environments would be affected. Best regards Dinis Cruz .Net Security Consultant DDPlus (www.ddplus.net) Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37511
 - 7
 - Asp.Net.Vulnerability: Win32 API calls (potential security problems) Asp.Net.Vulnerability: Win32 API calls (potential security problems) Since win32 calls are supported in Asp.Net and cannot be disabled when the website is running with 'Full trust', it is imperative to identify all potentially dangerous Win32 DLLs. Here is a short list of the ones we have identified whose risk needs to validated and (if required) write test scripts for: - New: CopyMemory, GetCurrentProcess, GetCurrentThread, GetTokenInformation, GetWindowsInformation, isNTAdmin, OpenProcessToken, OpenTheadToken, SendMessage - Compress: CopyLZFile, LZCopy - Crypto: CryptGetUserKey, CryptDestroyKey - Drives: GetLogicalDrives, GetVolumeInformation - EnvironmentVariables: GetEnvironmentString, GetEnvironmentVariable - Error: RaiseExeption, ReportFault, SetLastError - EventLog: OpenEventLog, ClearEventLog, ReportEvent - Exit: ExitWindowsEx, FatalAppExit, InitiateSystemShutdown, LockWorkstation - Files: CopyFile, CreateFile, GetFileAttributes, MoveFile, OpenFile, ReadFile, SetFileAttributes, SetFilePointer, SHGetFileInfo, TouchFileTimes, Writefile, FindFile: FindClose, FindFirstFile, FindNextFile - Heap: GetProcessHeap, HeapAlloc, HeapFree - Hook: CallNextHookEx, SetWindowsHookEx - ICMP: IcmpCreateFile, IcmpSendEcho - INI-Files: GetPrivateProfileSection , GetPrivateProfileString - Internet: FtpGetFile, InternetAttemptConnect, InternetConnect, InternetOpen, InternetOpenURL, InternetaReadFile, IsDestinationReachable, IsNetworkAlive, IsValidURL, URLdownloadtoFile - {List Not completed} Since we are not Win32 API experts (although we did manage to write a test script for the Kernel32 'WinExec' - see bellow) we would like ask for help to the more serious win32 developers which will be able to provide us with much more detailed and accurate information regarding the 'security risk' posed by each API call. The following is the code that we use in ANSA to test if a server is vulnerable. '**************************************************************** ' ANSA:W32_execute_cmd - This test checks if it is possible to execute ' commands on the server using a direct Win32 API call to the ' kernel32 'winExec'function . For this test to work a copy of 'cmd.exe' must ' be copied to the same directory containing this script '**************************************************************** <script runat=server> Declare Function WinExec Lib "kernel32" Alias "WinExec" (ByVal lpCmdLine As String, ByVal nCmdShow As Long) As Long Declare Function CopyFile Lib "kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long public Function Run_test(mode) try Dim winObj, objProcessInfo, item, local_dir, local_copy_of_cmd, Target_copy_of_cmd Dim objStartup, objConfig, objProcess, errReturn, intProcessID, temp_name Dim FailIfExists Dim Cmd_to_execute = "dir" local_dir = left(request.servervariables("PATH_TRANSLATED"), _ inStrRev(request.servervariables("PATH_TRANSLATED"),"\")) local_copy_of_cmd = Local_dir+"cmd.exe" Target_copy_of_cmd = Environment.GetEnvironmentVariable("Temp")+"\_test.exe" ' Copy CMD.EXE to temp directory CopyFile(local_copy_of_cmd, Target_copy_of_cmd,FailIfExists) ' Execute Command and save results in temp file errReturn = WinExec(Target_copy_of_cmd + " /c " + cmd_to_execute, 10) Run_test = OK + Critical +" The server allows the remote execution of commands using a direct call to WinExec API!" catch Run_test = OK + low + "It was not possible to execute commands using cmd.exe" end try end function </script> '**************************************************************** Thanks for the help Best regards Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37509
 - 8
 - i get this on my desktop Hi every week or so..i get a file called ~ on my desktop... i only get it when i have been surfing the net... it is small.84Kb.no signature..no properties. what is it?????? Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37507
 - 9
 - how to install IE security patches remotely i want to remotely install ie security patches and hotfixes to all my users. we have sms, and want to know if there is a way to update all out pcs remotely. we have no budget for this so it has to bee with sms or something that MS offers for free. Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37506
 - 10
 - Asp.Net.Vulnerability: Full Trust (current security problems and possible solutions) At the moment the only method available to disable direct Win32 calls from Asp.Net pages (using for example: " Declare Function WinExec Lib "kernel32" Alias "WinExec" (ByVal lpCmdLine As String, ByVal nCmdShow As Long) As Long") is to reduce the website's trust level from 'Full trust' to 'Medium trust'. Although in some scenarios this is a valid solution, for ISPs this is not acceptable because in the current (V1.1) release of the .Net Framework the following objects don't support partially trusted code (i.e. only work with 'Full trust') - UI - OleDb - EventLog - ODBC - Oracle - MessageQueue - ServiceController - DirectoryService - Performance Counter - Win32 calls required for User Impersonation Although some of this restrictions would even be welcomed (for example MessageQueue or EventLog), today it is unthinkable to offer .Net web hosting services without support for ODBC or OleDB . Most database accesses are programmed using ODBC calls and one of the main reasons for the use the .Net (and previously the .asp) platform was the ease of use and rapid development features of Access and SQL server databases. So, until Microsoft releases the next version of .Net (V2.0) or a patch for this problem, the ISPs and anybody responsible for .Net shared hosting environments, will have to execute their client's website code with 'Full trust'. Given the dangers and risks created by situation (remote command execution, disclosure of usernames and system information, etc... ), the only solution is prevention and detection. After some online research we couldn't find any relevant discussions about this issues, so we would like to propose the following ideas and see if one of them does produce a valid and acceptable solution for this problem: 1) Code Validation - a) Create a tool that executes after all compilation is done (i.e. when IL code is created) but before the IL code is converted to machine code and executed by the OS. This toll would validate the DLLs / EXEs and approve or disapprove its execution based on the calls that are made. For example if a DLL contains a call to the Win32's "winExec" function then (unless the DLL has a special permission) its execution will be denied. b) This tool could be used on 'live' websites or could be used offline (some of this might have to be developed by Microsoft). The offline mode could be part of an 'Approval Mechanism' c) This concept is the same as the one applied by the Anti-Virus software that check for 'dangerous code' (i.e. virus signatures) on files (downloaded from the web, attached to an email or copied to disk) before they are executed by the system. The AV companies should develop such products because they already have the core system, the automatic updates, the report engine, the 24/7 security response teams and the brands. 2) Improved security infrastructure: a) Full daily backups on all data stores b) Monthly re-Builds of all servers (automated procedure) c) ability to rebuild a server in 1h: i) Install OS and applications ii) Install security policies and settings iii) Import databases from backup (or live servers) iv) Add users (if required) v) Assign IPs vi) decommission old server (if still live) and publish rebuilt server without any loss of service d) the ideal situation would be to have the servers in a cluster environment where when one server is rebuilt (due to normal rebuild practices or it was compromised), it can be removed from the network without any loss of service 3) Have one website per virtual server (both running in a main server) a) the idea would be to have the equivalent of VMware where a server would host each website in its own 'virtual' server (like mainframes). This would require a much lighter version of windows 2003 which would have to be designed for such scenario. Another possibility would be to use Linux which will be possible once the porting of the .Net platform is fully completed. 4) Audit Website Folders and Files: a) monitor and audit at OS level (using NTFS) all files that belong to each user by analysing the logs stored in the Event Viewer b) create custom reports per site / per user with details of whom (from the inside) accessed those files 5) Only execute signed and approved code - a) Two server scenario: i) Development server (insecure) ii) Live server (secure) 6) Reduce customer anonymousity - a) Require authorized IPs to edit site b) Require IPSec key to edit site c) Validate identity using Credit Card system and other identity schemes 7) Improve protection of important information (Such as usernames, passwords, database connection strings, database data, etc...) a) Never strore these information in clear text (always stored them encrypted) b) Etc.... Although Asp.Net is a giant leap forward on the technological frameworks required to build more robust and secure web services, unless these applications can be securely hosted, they will never gain public acceptance and wide usage. And unless a solution is found for this 'Full Trust' issue, nobody will be able to provide secure hosting of Asp.Net code. We believe in shared knowledge and the power of peer-review, that is why we published our Asp.Net Security Analyser (see http://www.gotdotnet.com/Community/Workspaces/Workspace.aspx?id=36ae9a2c-8740-4b52-924e-320edf64fba5) as an open source web application, and why we are posting this information online and asking for your ideas and suggestions. Best regards Dinis Cruz dinis@ddplus.net .Net Security Consultant DDPlus (www.ddplus.net) Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37503
 - 11
 - Security patches I have about 20 NT 4.0 boxes w/SP6a that will not install any of the security patches. I have tried going through windows update and receive a message no critial update needed. But I know the OCT 15th patches are not installed Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37491
 - 12
 - Checking the record okay foo, I be check'n stuff and it be down. Be wack just like that when the hat tips da nat. Foo be like...damn. Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37488
 - 13
 - October 15 Security Updates I'm installing Oct 15 Security updates and it has stalled. It's been running over 40 minutes. Has any one else witnessed a problem? Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37487
 - 14
 - SUS 1.0 SP1 & Active Directory Could someone please clarify whether or not Software Update Services 1.0 SP1 can be installed on an Active Directory server? All documentation & discussion groups are vague at best answering this question. Thanks, Roberto Lopez Technology Consultant MMC, Inc. Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37485
 - 15
 - Constant Updates Why are we being told that the constant security updates are a feature? The Microsoft is "getting serious about security"? When I paid $200.00 for this software I, like alot of other users, thought they were serious then. I was a beta tester for XP a few years ago, why does it feel like I still am? And why is Microsoft patting themselves on the back for such a great job? This may be the all-time greatest display of incompetence in the business world, and this company is still successful. We should all be ashamed of ourselves for allowing this to go on, and for sitting here like helpless sheep waiting for the next patch. Where are the class action suits for this company selling us a lemon? Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37483
 - 16
 - Port 135 I have a firewall. But there are times when I have to bring it down since it gets in the way of some other apps. I have Windows 2000/PRO with the latest security patches (except the one just announced, those will be applied tonight). What I still see at times, not all the time, is a port 135 session either established or some other state. Nothing is going on. It just seems like its stuck or something. Again, I have all the RPC, DCOM related security patches. I have used the Microsoft Testing tool and it reports the machine is patched. What's going on here? Also, how can I effectively block port 135 on my machine without having a 3rd party firewall? I know RPC is important and Microsoft depends on it for other stuff, but it is possible to set it up under network settings to block this port without any degradable or problem with Windows itself? Ed Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37482
 - 17
 - KB824105 patch does not install When using updating Windows workstations before deployment the KB824105 patch does not install. Our basic procedure is: 1> install XP 2> make sure all devices are properly setup 3> run XPSP1 setup 4> install any applications 5> patch using windows update 6> then run XPSP1 setup again and deploy. On the fifth step all the critical updates install normally without issue except for the KB824105 patch. We work primarily with refurbished Dell GX100's, GX110's, and GX400's for our XP boxes. Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37481
 - 18
 - Please ,someone help me! My laptop is being hacked daily. I first noticed it yesterday when I attemped to login to Hotmail. First, early one morning I witinessed my screen start o write and different boxex come up and the information was being edited right in front of me. I turned of the computer. Second, I noticed the screens were totally different.. different. At the same time my son was on a different computer (desktop), already logged into Hotmail. What can i do to combat what I precieve to be hackers? I immediately turned off my system . I called my service provider and they told me I was Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37480
 - 19
 - Laptop being Hacked What can I do to combat it? Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37479
 - 20
 - 03041 thur 03045 Can I run this patches back to back with out a reboot? on all OS' Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37467
 - 21
 - Digital Certificate Problem I recently got a new username, old username deleted. Now I can't use a certificate I need for a secure site. I can see the certificate in internet options - content and it appears fine. When I navigate to the site, the popup to choose which certificate to use comes up empty. I am trying to get somebody at the secure site to help on this, but no luck so far so I wanted to see if there might be a way to fix this problem on the client side. Thanks! (OS = Windows XP Pro, browser = IE 6 SP1) Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37465
 - 22
 - diabling network password Until recently I had ppl living in my house and we had seperate logons, now I want them all gone so that I don't have to logon to my own computer at home. Any suggestions? Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37460
 - 23
 - Question about Kerberos ticket forwarding We are trying to authenticate to an applicaftion behind IIS. The scenario is : Win2k Pro with IE 6 ---> IIS + GSS initiator ---> GSS acceptor We log onto Active Directory at workstation, then using IE Kerberos authentication we are able to authenticate to IIS. This is working. We want to use delegation so that our forwarded credentials on IIS server can be used by a GSS-API application that commuicates with GSS-API application on a UNIX host. Since our GSS-API library does not support RC4-HMAC cipher at the moment we are trying to get the forwarded tgt to be created by AD using DES-CBC-MD5 or DES-CBC-CRC. When we change the flag in the account on AD so that the initial tgt is issued with DES key this works, but for some reason the forwarded tgt that is present on IIS server is not using DES and so our GSS application cannot acquire credentials to setup a security context with the GSS acceptor on UNIX. Any ideas ? Tim. Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37458
 - 24
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.10.16 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37456
 - 25
 - 823559: Security Update for Microsoft Windows I do not understand why I continue to receive critical update notification for this update. I have included the number of times I have installed this update, but I continue to receive notice. Any suggestions as to why? Thank you for your assistance. Cheryl Successful Thursday, October 16, 2003 823559: Security Update for Microsoft Windows Web site Successful Wednesday, October 15, 2003 823559: Security Update for Microsoft Windows Web site Successful Wednesday, October 15, 2003 823559: Security Update for Microsoft Windows Web site Successful Tuesday, October 14, 2003 823559: Security Update for Microsoft Windows Web site Successful Tuesday, October 14, 2003 823559: Security Update for Microsoft Windows Web site Successful Tuesday, September 09, 2003 823559: Security Update for Microsoft Windows Web site Successful Saturday, September 06, 2003 823559: Security Update for Microsoft Windows Web site Successful Monday, September 01, 2003 823559: Security Update for Microsoft Windows Web site Successful Sunday, August 31, 2003 823559: Security Update for Microsoft Windows Web site Successful Saturday, August 30, 2003 823559: Security Update for Microsoft Windows Web site Successful Friday, August 29, 2003 823559: Security Update for Microsoft Windows Web site Successful Thursday, August 28, 2003 823559: Security Update for Microsoft Windows Web site Successful Thursday, July 10, 2003 823559: Security Update for Microsoft Windows Web site Tag: Impact on how to keep a blueprint of my Ad structure, network structure on servers Tag: 37455

I work as a sysadmin for a 2,000 node organization. I created documentation
where I list changes on AD structure (such as delegation of rights, schema
modifications, domain admin usernames) and I am wondering how bad would be
keep that word file on a folder where only domain admins could access it. I
would never keep a file with passwords on a networked server and I would
like to confirm how you approach that type of structure information file on
the 'network' ?

Top

Re: Impact on how to keep a blueprint of my Ad structure, network structure on servers by Robert

Robert
Sun Oct 19 05:29:07 CDT 2003

Marlon Brown wrote:
> I work as a sysadmin for a 2,000 node organization. I created
> documentation where I list changes on AD structure (such as
> delegation of rights, schema modifications, domain admin usernames)
> and I am wondering how bad would be keep that word file on a folder
> where only domain admins could access it. I would never keep a file
> with passwords on a networked server and I would like to confirm how
> you approach that type of structure information file on the 'network'
> ?

I wouldn't keep a list of domain admin passwords on the network at all. I'd
print it off and put it in a sealed envelope in a safe thats operated by
someone you trust and which you can get access to, if you must have them
written down like that. If I didn't have a suitable safe (e.g. a
departmental tape safe would do) I'd buy one.

As for the document itself, without the passwords, I would keep it in a
secure folder on a server without too much problems. If you are that worried
you could also save it to a CD/RW or even a USB drive and then place it in
another sealed envelope in that safe I just talked about.

--
--
Rob Moir
Microsoft MVP for servers & security
http://www.robertmoir.co.uk

Top