
gaining access to a server

  • 12-12-2006 3:29pm
    #1
    Registered Users, Registered Users 2 Posts: 1,257 ✭✭✭


    Can anyone make any suggestions?
    Am dealing with a little sensitive issue. I work in a relatively small company and I think that someone may be gaining access to a server that they shouldn’t be. There are obviously two problems – they can get access and what to do next in terms of ‘policy’ (what we do etc from here)

    Anyone suggest a company that could give me a dig out?


Comments

  • Registered Users, Registered Users 2 Posts: 598 ✭✭✭arseagon


    First things first, change the passwords on the server in question. There's no point in having sensitive data on open or poorly passworded shares and then wondering why people are able to access it.

    Second, do you want to confront the people accessing the data? If so, be very sure of your facts before you do. Confrontations with staff can turn nasty if not done properly. Basically you're going to need proof and that can't always be the easiest to get if the person knows how to cover their tracks.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,567 Mod ✭✭✭✭Capt'n Midnight


    check with HR to see what people have signed

    what OS ?

    if windows turn on auditing on the folders in question
    also tighten up logon hours

    use cacls to get a list of who is allowed see what, and to lock down permissions - talk to the data owner - let them decide who should see data or not.

    if you suspect they are using another users password or pc it gets difficult


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    If you're looking for a company to create a server policy, access policy and lock down your server, try RITS Ireland, very nice helpful people, they can walk you through the whole process.

    It will cost you though.

    You could of course just enable Auditing on your important folders and see who is logging on / off and accessing different files and folders.

    Sorry, just reread Capt'n Midnight's post, what he said :)


  • Closed Accounts Posts: 7,230 ✭✭✭scojones


    Firstly, check to see what services are running on the machine. Take note of the versions and check for existing vulnerabilities and exploits. Then check who is logged in now, is everyone that is logged in supposed to be? Check who has a remote session to the machine. Check the logs (/var/log/ on Linux/Unix) for anything suspicious. Confirm that the likes of ps, w, ls, et al are all reporting proper results. Check all the accounts on the system, make sure nobody has given themselves super user privs. Change all the passwords, make sure no unauthorised services are running. Ensure nothing has been backdoored (ssh for example). Do a search on the local HDD for files with the +s bit assigned and verify that none of these are hidden little root shells. There's hundreds of things you can do. If you're running a web server, check the web server logs and ensure that all cgi scripts are safe, i.e. do not allow command execution.
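
Two of the checks listed in the post above (extra superuser accounts and files with the +s bit), as an added example that is not part of the original post. The function names, the baseline file and the `--run` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. File locations are parameters so the checks can be pointed
# at a mounted copy of the disk as well as at the live system.
LC_ALL=C; export LC_ALL   # stable sort order for comm(1)

# Accounts other than root that carry UID 0 in a passwd-format file.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Regular files with the setuid or setgid bit under DIR (one filesystem only).
suid_files() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# setuid/setgid files under DIR that are absent from BASELINE (one path per line).
unexpected_suid() {
    found=$(mktemp) || return 1
    suid_files "$1" > "$found"
    sort "$2" | comm -23 "$found" -
    rm -f "$found"
}

# Hypothetical usage: sh audit.sh --run BASELINE
# BASELINE is a list you trust, for example one taken from a clean install.
if [ "${1:-}" = "--run" ]; then
    echo "UID 0 accounts besides root:"; uid0_accounts
    echo "setuid/setgid files not in baseline:"; unexpected_suid / "$2"
fi
```

Anything either function prints is a lead to examine by hand, not a verdict; a tampered `find` or `awk` on the live host can hide results, so running this from trusted media against a mounted copy is the safer route.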


  • Registered Users, Registered Users 2 Posts: 1,257 ✭✭✭blue4ever


    thanks very much all

    No - Whilst there is indeed a need to review policy, completely, I think that we are 'closing the stable door....'

    We are nearly 100% that an individual has been messing around and possibly copied a file or two. What I need now is someone to go in and trace this – giving us proof sufficient to reprimand or stronger that person. Where do I start – I obviously want this hush hush and (unfortunately!) cheap


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    We are nearly 100% that an individual has been messing around and possibly copied a file or two. What I need now is someone to go in and trace this – giving us proof sufficient to reprimand or stronger that person. Where do I start – I obviously want this hush hush and (unfortunately!) cheap

    Unfortunately they don't go hand in hand. You are now looking for Forensics to be carried out on your server. This can be a costly and time consuming process, especially if you plan to use this as evidence.

    I would contact Espion (www.espion.ie), they seem to do quite a lot of forensic work, you can get a quote either way and then decide.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,567 Mod ✭✭✭✭Capt'n Midnight


    use forensics on the destination, "what's this file doing in your recycle bin, eh ?"

    ideally you could boot up with a live CD and back up the entire hard drive, clone it, but not using ghost or partimage as they only back up sectors with files in them, and then search it

    you could also check/setup printer logs
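
The sector-level clone and search described in the post above, as an added example that is not part of the original post. The function names and the `.log` record format are assumptions; `dd`, `sha256sum` and `grep -a` are the standard tools a Linux live CD provides.

```shell
#!/bin/sh
# Added example: copy every block of a source (allocated or not), prove the
# copy matches, and search the raw copy. Run from a live CD with the suspect
# disk unmounted; SRC would then be a device node such as a whole disk.

hash_of() { sha256sum "$1" | cut -d' ' -f1; }

# acquire SRC IMG: raw copy, hash both sides, write a record beside the image.
acquire() {
    src=$1 img=$2
    dd if="$src" of="$img" bs=64k 2>/dev/null || return 1
    src_hash=$(hash_of "$src")
    img_hash=$(hash_of "$img")
    {
        echo "source: $src"
        echo "acquired_utc: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "sha256_source: $src_hash"
        echo "sha256_image: $img_hash"
    } > "$img.log"
    chmod 0444 "$img" "$img.log"      # work on copies, never on this file
    [ "$src_hash" = "$img_hash" ]
}

# verify IMG: re-hash later and compare with the value recorded at acquisition.
verify() {
    recorded=$(sed -n 's/^sha256_image: //p' "$1.log")
    [ "$(hash_of "$1")" = "$recorded" ]
}

# search_image IMG STRING: count matches anywhere in the raw bytes, which
# includes space no longer referenced by any file.
search_image() { grep -a -c -F -- "$2" "$1"; }
```

Because the copy is taken below the filesystem, `search_image` can find a string left in a deleted file's sectors, which a file-level backup would not contain.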


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    use forensics on the destination, "what's this file doing in your recycle bin, eh ?"

    Probably the best plan here, seeing as there was probably not much logging going on before/during the act.


  • Registered Users, Registered Users 2 Posts: 11,205 ✭✭✭✭hmmm


    Forget about technology for a minute - firstly decide whether on the basis of this you will want to take disciplinary action. If you do, then I would advise you get some expert advice or you may find yourself up in front of a tribunal or a court if the employee decides to challenge you. Some companies have been mentioned in this thread and won't cost you an arm and a leg for advice - for them to do forensics may be a different matter ;)

