Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Networks

  • 26-08-2005 1:29pm
    #1
    honeymonster
    Registered Users, Registered Users 2 Posts: 601 ✭✭✭


    I have a quick question for you knowlegable people, nobody else seem to be able to give me a solid answer. My uncle runs a small firm with all the computers hooked up to network. The people who work for him have different levels of access to different areas of the network. I was havin a chat with him during the week and he casually mentioned that he thinks some of the new staff may have gotten an admin login & pass. But he had the guy who setup the network (he doesnt have an in house admin, company is too small to justify it) to have a look at the times high level people logged in and it all seemed to check out. I dont have a clue about networks but is there a way someone could delete the record of when they logged in?? Or if they brought in a laptop and logged onto the network that way would that hide from where they logged in. I think he's running win pro. Basically is there anyway to catch someone once the have a login and password cause he said he was thinkin of gettin all the login passwords changed.

    Cheers,

    Thanks for your help


Comments

  • #2
    Blub2k4
    Closed Accounts Posts: 3,733 ✭✭✭Blub2k4


    It would be possible to change the audit trail but the person would have to be a bit knowledgeable, and without knowing what type of network or what systems are running on it ( I assume windows domain?) it is possible to clean up after you have made a successful intrusion, the basis of rooting the box(gaining root user access in unix/linux) is in effect to achieve the highest level of privilege where you can then change details of your visit, among other things.
    If the accesses have been checked by an IT bod the chances are that nothing is amiss.
    I'm not sure what software is available to delete an audit trail but I think it would have to be automated as your average office employee would not have the knowledge or he would be the one doing the IT in that company or working somewhere else for large money as a sysadmin.
    All in all if it checked out after a security audit then I wouldn't worry too much.

    Out of interest why does he think that they have admin rights?
    It is easy enough to get local admin on a windows machine with a linux boot disk and change the local password, but as soon as they log into the domain again they are on domain rules and access would be again limited.


Advertisement