don't get caught with your floppy out....
Results 1 to 4 of 4

Thread: don't get caught with your floppy out....

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    don't get caught with your floppy out....

    floppies are much a thing of the past but they are still an often overlooked entry point

    this is most important in a networked corporate situation...and the specifics apply to nt/wk/xp systems. linux users can extrapolate and win9x people...well..you're so insecure...why bother

    note: your screw ups are your own...don't blame me...especially if your messing with AD...hehe


    first...the why:

    1] http://www.antionline.com/showthread...hreadid=231977

    2] "i just brought in some pictures from home...i didn't know i had a virus..i'm really sorry it sent out that confidential memo..really"

    3] http://home.eunet.no/~pnordahl/ntpasswd/
    "This is a utility to (re)set the password of any user that has a valid (local) account on your NT system, by modifying the crypted password in the registrys SAM file.
    You do not need to know the old password to set a new one. "

    3] unsecured access point is a baaad thing...you could lose trade secrets, passwords...anynumber of things

    second....the how:

    You have a variety of options.

    Hardware
    ==========================
    1] The most secure is to simply remove the drive altogether. I have a stack of 3.5 drives in my parts closet. No one on my network needs floppy access so i make sure they can't.

    2] have floppies in locking cases on servers


    Middleware - the BIOS
    ==========================
    1] set the boot sequence to c: only. this will NOT prevent someone from accessing the drive once the system has started but if you have strong password security it will help prevent exploits as in #3 above. Note it's important to password protect your BIOS to make it hard for someone to boot to the BIOS setup and change the settings back to a: C: etc...of course unless you have a locked case, someone can open the case and disconnect the battery to erase the BIOS...

    2] aside: while you are in the BIOS, disabling the floppy seek on boot setting will speed up your boot sequence. it will NOT provide any additonal security.

    Software - OS level
    ==========================
    1] Disable floppy drive in Device Manager (requires admin rights)

    2] you can also "share" the drive and set permissions to admins only

    these 2 work ok if you have a few systems but requires you to visit each station. for larger networks and/or lazy admins...

    3] set a group policy via Active Directory

    - active directory users and computers
    - right click on your domain
    - select properties/group policy/edit
    - user configuration/windows explorer
    - hide these specified drives in My Computer a: enabled
    - prevent access to drives from my computer a: enabled
    - apply
    - next gp refresh the drives will be inaccessible

    except for actually removing the drives, there are likely ways around all of these hints, however they will substanitally increase the amount of time it takes to compromise your systems...and sometimes that's enough.
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Member
    Join Date
    Jul 2002
    Posts
    45
    Nice title, quite original

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    518

    Re: don't get caught with your floppy out....

    Originally posted here by zigar
    [first...the why:

    1] http://www.antionline.com/showthread...hreadid=231977

    [/B]
    *BIG grin* that was just funny
    Nice shot Zigar.
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  4. #4
    Senior Member
    Join Date
    Jun 2002
    Posts
    104
    This is really useful, and clearly stated. Thanks!

    XXX
    [gloworange]The Owls Are Not What They Seem[/gloworange]


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •