Sign in with
Sign up | Sign in
Your question

Preventing use of backdoor

Last response: in Windows 2000/NT
Share
Anonymous
July 28, 2004 9:18:10 PM

Archived from groups: microsoft.public.win2000.security (More info?)

We are a gentleman's club, with a server and 3 computers networked onsite, and 3 networked computers at the (offsite) main office, all connected via 2 LinkSys boxes.

Windows 2000 on all except the DJ's, which has Windows XP

Had been using a contracted firm to keep our network up, and when we signed the 2nd 6-month agreement, the goal was to 'lock-down' the computers, as some of the manager guys fancied themselves computer gurus, and they were messing around on the computers, downloading from the internet, installing whatever they wanted and generally having a field day at the company's expense. We were constantly having to have the IT firm come out and get something up and going again.

Originally, I wanted the managers to have internet access, as it would really help if they could e-mail stuff to the office, etc., but the company owner was totally opposed to them having any internet anything.

Just happened to be at the club last Friday, and in looking up something else, noticed absolutely nothing had been locked down, the guys were free to do as they pleased, up to and including looking at confidential company data on the main office group - and they weren't supposed to be able to see anything at the main office.

Called in a previous technician to lockdown our system, which it REALLY is now, at least to a casual user; I know more about computers than most of those guys, and I tested all connections to verify what each user could/could not do. Most of the guys know just enough to send e-mail, and surf for pictures; one guy knows very little, and kept saving his sales reports to his Desktop.

Left the club yesterday morning, after some minor tweaking; at that point, the DJ computer did not have a password. Got a call this a.m., saying they couldn't get into the DJ computer, because they didn't know what the password was. Explained we hadn't assigned the DJ's log-on a password, but they were adamant there was one on it.

Fortunately, our tech was able to run right over, and it took him all of 30 seconds to remove it by signing on as admin. My worry is these managers are nowhere near professional; the daytime manager was thoroughly hacked at losing his internet access. We were in the process of properly disconnecting one of the onsite computers' internet access via Admin & permission settings, when I found out he had been going out on the internet on that computer. Thinking he was monitoring industry websites, I asked him why he needed access, and he just bit out, "Because I need to get on the internet." When I told him the choice had not been mine, but the boss's orders, he just glared at me like he thought I was lying, and literally stomped out of the office.

Also yesterday, I met the new daytime assistant manager, and through word-of-mouth,was told he has a 4-yr degree in computer networking, and is certified by Microsoft for whatever. He and the shift manager tried to volunteer his computer expertise, but I am very leery of having any onsite manager mess with the network, because:
1) These guys, overall, have always been very unprofessional, and if he got hacked off, he could do really major damage to our network; and
2) Again, because they are unprofessional, they would probably set-up the computers to whatever THEY wanted the network to do, and we would be back at square one, with everyone playing around at the company's expense.

Found out this morning, he claims he, by virtue of being certified, can get backdoor access to the Windows 2000 machines. This came out after they finally called to say they couldn't get into the DJ's computer, so there was no music happening at the club. The kicker is, the DJ is supposed to start his thing at 11:00 sharp, and if they truly couldn't get on his computer, they would have been screaming at me on the phone at around 10:45, 10:50 at the latest, yet they didn't call until 11:30, so now I am left to worry what they were up to on the computers for 30+ minutes, especially now with Mr. I-Know-Enough-About-All-This-To-Make-The-BIG-Bucks-(But-I'm-Working-As-An-Underling-At-A-Topless-Bar).

These guys cause enough soap operatic drama to my life as it is; can he really hack in and get my Admin passwords?

More about : preventing backdoor

Anonymous
July 29, 2004 8:46:14 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Wow, thanks for the story!

Bottom line is that anyone who can get unfettered physical access to a computer can
hack the operating system. The easiest way is to boot from a floppy or cdrom with a
free downloadable utility and reset the built in administrators account. The built in
administrators account can then reconfigure anything on the computer and install
password crackers to retrieve other users passwords on that computer. The only thing
that an administrator might not be able to access is encrypted data if the encryption
keys for the user and any recovery agent are not on the computer.

http://www.petri.co.il/forgot_administrator_password.ht... --- this should give you
heartburn.
http://www.oxid.it/cain.html -- free password cracker.

So to secure a computer it needs to be locked up which may mean in an office, a cage,
or some container that does not have any cables from USB/Firewire coming out of it.
You can also password protect access to the operating system itself by using syskey
option to require a password or the operating system will not load [run syskey at
command prompt]. Of course that may not prevent someone from reinstalling the
operating system or installing a parallel operating system by rebooting from the
cdrom. Good luck. --- Steve



"Da bookie :) " <Da bookie :) @discussions.microsoft.com> wrote in message
news:11F32B8C-D4B2-4E21-9F63-EE0264F59233@microsoft.com...
> We are a gentleman's club, with a server and 3 computers networked onsite, and 3
networked computers at the (offsite) main office, all connected via 2 LinkSys boxes.
>
> Windows 2000 on all except the DJ's, which has Windows XP
>
> Had been using a contracted firm to keep our network up, and when we signed the 2nd
6-month agreement, the goal was to 'lock-down' the computers, as some of the manager
guys fancied themselves computer gurus, and they were messing around on the
computers, downloading from the internet, installing whatever they wanted and
generally having a field day at the company's expense. We were constantly having to
have the IT firm come out and get something up and going again.
>
> Originally, I wanted the managers to have internet access, as it would really help
if they could e-mail stuff to the office, etc., but the company owner was totally
opposed to them having any internet anything.
>
> Just happened to be at the club last Friday, and in looking up something else,
noticed absolutely nothing had been locked down, the guys were free to do as they
pleased, up to and including looking at confidential company data on the main office
group - and they weren't supposed to be able to see anything at the main office.
>
> Called in a previous technician to lockdown our system, which it REALLY is now, at
least to a casual user; I know more about computers than most of those guys, and I
tested all connections to verify what each user could/could not do. Most of the guys
know just enough to send e-mail, and surf for pictures; one guy knows very little,
and kept saving his sales reports to his Desktop.
>
> Left the club yesterday morning, after some minor tweaking; at that point, the DJ
computer did not have a password. Got a call this a.m., saying they couldn't get
into the DJ computer, because they didn't know what the password was. Explained we
hadn't assigned the DJ's log-on a password, but they were adamant there was one on
it.
>
> Fortunately, our tech was able to run right over, and it took him all of 30 seconds
to remove it by signing on as admin. My worry is these managers are nowhere near
professional; the daytime manager was thoroughly hacked at losing his internet
access. We were in the process of properly disconnecting one of the onsite computers'
internet access via Admin & permission settings, when I found out he had been going
out on the internet on that computer. Thinking he was monitoring industry websites,
I asked him why he needed access, and he just bit out, "Because I need to get on the
internet." When I told him the choice had not been mine, but the boss's orders, he
just glared at me like he thought I was lying, and literally stomped out of the
office.
>
> Also yesterday, I met the new daytime assistant manager, and through
word-of-mouth,was told he has a 4-yr degree in computer networking, and is certified
by Microsoft for whatever. He and the shift manager tried to volunteer his computer
expertise, but I am very leery of having any onsite manager mess with the network,
because:
> 1) These guys, overall, have always been very unprofessional, and if he got hacked
off, he could do really major damage to our network; and
> 2) Again, because they are unprofessional, they would probably set-up the computers
to whatever THEY wanted the network to do, and we would be back at square one, with
everyone playing around at the company's expense.
>
> Found out this morning, he claims he, by virtue of being certified, can get
backdoor access to the Windows 2000 machines. This came out after they finally
called to say they couldn't get into the DJ's computer, so there was no music
happening at the club. The kicker is, the DJ is supposed to start his thing at 11:00
sharp, and if they truly couldn't get on his computer, they would have been screaming
at me on the phone at around 10:45, 10:50 at the latest, yet they didn't call until
11:30, so now I am left to worry what they were up to on the computers for 30+
minutes, especially now with Mr.
I-Know-Enough-About-All-This-To-Make-The-BIG-Bucks-(But-I'm-Working-As-An-Underling-A
t-A-Topless-Bar).
>
> These guys cause enough soap operatic drama to my life as it is; can he really hack
in and get my Admin passwords?
Anonymous
July 29, 2004 10:03:28 PM

Archived from groups: microsoft.public.win2000.security (More info?)

This is what happens when non-professional IT people are looking after
a network. I find it telling that the boss decided on his own there
should not be "Internet anything" even though email access would be
useful, obviously without consulting a professional, 'cause it would
be extremely easy to give users email access without www access using
POP accounts. Particularly so as you have a server - makes me wonder
what it is serving.

Anyway, the point is the boss should put some time and effort into
finding and qualifying a good, professional IT company that will
configure and maintain the system to the specifications they develop
together. This is all the boss's fault, IMO.

As to whether they could hack your system - sounds like 'hack' is
overkill - the system is probably not secured properly - nothing to
hack - just poke around and get in.

Peter





On Wed, 28 Jul 2004 17:18:10 -0700, Da bookie :)  <Da bookie
:) @discussions.microsoft.com> wrote:

>We are a gentleman's club, with a server and 3 computers

[snip]
!