Preventing use of backdoor

Archived from groups: microsoft.public.win2000.security

We are a gentleman's club, with a server and 3 computers networked onsite, and 3 networked computers at the (offsite) main office, all connected via 2 LinkSys boxes.

Windows 2000 on all except the DJ's, which has Windows XP.

Had been using a contracted firm to keep our network up, and when we signed the 2nd 6-month agreement, the goal was to 'lock-down' the computers, as some of the manager guys fancied themselves computer gurus, and they were messing around on the computers, downloading from the internet, installing whatever they wanted and generally having a field day at the company's expense. We were constantly having to have the IT firm come out and get something up and going again.

Originally, I wanted the managers to have internet access, as it would really help if they could e-mail stuff to the office, etc., but the company owner was totally opposed to them having any internet anything.

Just happened to be at the club last Friday, and in looking up something else, noticed absolutely nothing had been locked down, the guys were free to do as they pleased, up to and including looking at confidential company data on the main office group - and they weren't supposed to be able to see anything at the main office.

Called in a previous technician to lock down our system, which it REALLY is now, at least to a casual user; I know more about computers than most of those guys, and I tested all connections to verify what each user could/could not do. Most of the guys know just enough to send e-mail, and surf for pictures; one guy knows very little, and kept saving his sales reports to his Desktop.

Left the club yesterday morning, after some minor tweaking; at that point, the DJ computer did not have a password. Got a call this a.m., saying they couldn't get into the DJ computer, because they didn't know what the password was. Explained we hadn't assigned the DJ's log-on a password, but they were adamant there was one on it.

Fortunately, our tech was able to run right over, and it took him all of 30 seconds to remove it by signing on as admin. My worry is these managers are nowhere near professional; the daytime manager was thoroughly hacked at losing his internet access. We were in the process of properly disconnecting one of the onsite computers' internet access via Admin & permission settings, when I found out he had been going out on the internet on that computer. Thinking he was monitoring industry websites, I asked him why he needed access, and he just bit out, "Because I need to get on the internet." When I told him the choice had not been mine, but the boss's orders, he just glared at me like he thought I was lying, and literally stomped out of the office.

Also yesterday, I met the new daytime assistant manager, and through word-of-mouth, was told he has a 4-yr degree in computer networking, and is certified by Microsoft for whatever. He and the shift manager tried to volunteer his computer expertise, but I am very leery of having any onsite manager mess with the network, because:
1) These guys, overall, have always been very unprofessional, and if he got hacked off, he could do really major damage to our network; and
2) Again, because they are unprofessional, they would probably set up the computers to whatever THEY wanted the network to do, and we would be back at square one, with everyone playing around at the company's expense.

Found out this morning, he claims he, by virtue of being certified, can get backdoor access to the Windows 2000 machines. This came out after they finally called to say they couldn't get into the DJ's computer, so there was no music happening at the club. The kicker is, the DJ is supposed to start his thing at 11:00 sharp, and if they truly couldn't get on his computer, they would have been screaming at me on the phone at around 10:45, 10:50 at the latest, yet they didn't call until 11:30, so now I am left to worry what they were up to on the computers for 30+ minutes, especially now with Mr. I-Know-Enough-About-All-This-To-Make-The-BIG-Bucks-(But-I'm-Working-As-An-Underling-At-A-Topless-Bar).

These guys cause enough soap operatic drama to my life as it is; can he really hack in and get my Admin passwords?
  1. Archived from groups: microsoft.public.win2000.security

    Wow, thanks for the story!

    Bottom line is that anyone who can get unfettered physical access to a computer can
    hack the operating system. The easiest way is to boot from a floppy or cdrom with a
    free downloadable utility and reset the built-in administrator's account. The built-in
    administrator's account can then reconfigure anything on the computer and install
    password crackers to retrieve other users' passwords on that computer. The only thing
    that an administrator might not be able to access is encrypted data if the encryption
    keys for the user and any recovery agent are not on the computer.

    http://www.petri.co.il/forgot_administrator_password.htm --- this should give you
    heartburn.
    http://www.oxid.it/cain.html -- free password cracker.

    So to secure a computer it needs to be locked up which may mean in an office, a cage,
    or some container that does not have any cables from USB/Firewire coming out of it.
    You can also password protect access to the operating system itself by using syskey
    option to require a password or the operating system will not load [run syskey at
    command prompt]. Of course that may not prevent someone from reinstalling the
    operating system or installing a parallel operating system by rebooting from the
    cdrom. Good luck. --- Steve

  2. Archived from groups: microsoft.public.win2000.security

    This is what happens when non-professional IT people are looking after
    a network. I find it telling that the boss decided on his own there
    should not be "Internet anything" even though email access would be
    useful, obviously without consulting a professional, 'cause it would
    be extremely easy to give users email access without www access using
    POP accounts. Particularly so as you have a server - makes me wonder
    what it is serving.

    Anyway, the point is the boss should put some time and effort into
    finding and qualifying a good, professional IT company that will
    configure and maintain the system to the specifications they develop
    together. This is all the boss's fault, IMO.

    As to whether they could hack your system - sounds like 'hack' is
    overkill - the system is probably not secured properly - nothing to
    hack - just poke around and get in.

    Peter


    On Wed, 28 Jul 2004 17:18:10 -0700, Da bookie :) <Da bookie
    :)@discussions.microsoft.com> wrote:

    >We are a gentleman's club, with a server and 3 computers

    [snip]