February 4th, 2005, 04:52 PM
A few general questions
Hi, I am new in here and to the security world and stuff. I hope some of you will answer a few of my questions and satisfy my curiosity.
1. If I am the admin of a win2k domain, is there any way to change all the local computers' administrator passwords other than going to each PC and changing it, or remote controlling every one and changing it...?
2. Is there any way of logging all connections and/or files accessed on a win2k pro/server PC? Event Viewer isn't exactly helpful :/
3. Is a proxy server which blocks stuff by detecting words secure enough? Is there any way to bypass it?
Lastly, since I have almost zero knowledge of routers and stuff and I heard Cisco is the preferred one around, is there any specific stuff for me to read and/or are there any free router/firewall simulators or something to d/l and practise on?
February 4th, 2005, 07:50 PM
1. You could write a batch file, then send it out to all computers and set them to run on the next startup. There was a post within the last few days about this, just look around a bit. I think it was tigershark who answered it very well.
2. You should be able to log the connections on most midrange routers, if I'm not mistaken. As far as files accessed goes, I can't think of a way off the top of my head without buying some third-party software.
3. There is ALWAYS a way around things, and it depends on what you mean by "secure enough". What is it you are trying to stop?
Visit the Cisco website; they have TONS of documentation. I'd pick up a few CCNA or Network+ books. CCNA will give you a damn good start on networking; Network+ will get you the basics.
February 5th, 2005, 04:04 AM
1. If it is a Win2K domain, then it should be Active Directory based. Unless of course you have some NT4 domain controllers. If you have Active Directory, you can create a Group Policy to change the local administrator password on all machines connected to the domain. You can rename the local administrator account as well. Do a search on "Group Policy Management" on Google, and it should return a ton of hits to sites that can explain it in great detail.
2. For logging access to files on a particular machine, you will have to enable auditing in the machine's local security policy. Or, you can enable domain wide auditing through a group policy object. Keep in mind that logging successful file accesses will create some massive security logs. As for logging all connections to your machine; it depends on how granular you want to get. If you just want to see an originating IP address or host name, then get a basic desktop firewall package like ZoneAlarm, and just have it log accesses. XTC was dead on in answering this question for you. Any decent router out there can log access to any box it routes for. A basic syslog server that the router can send its logs to will do the job. I use Kiwi's syslog software at work and it is pretty decent considering it is free. The registered version is well worth the $99 USD they charge.
3. Word filtering is marginally effective. Any decent spammer out there can defeat most context filters. What kind of proxy server are you using?
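Added example, not part of the thread: once a router forwards its access-list hits to a syslog server as described in the post above, the connection log can be summarised with a short parser. The sample lines are constructed and assume the Cisco IOS `%SEC-6-IPACCESSLOGP` message layout; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample datagrams (documentation/private addresses), shaped like
# IOS ACL log messages as a syslog server would receive them over UDP.
SAMPLE = [
    "<190>41: Feb  5 05:04:11: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.15(3312) -> 10.0.0.20(80), 1 packet",
    "<190>42: Feb  5 05:04:13: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4410) -> 10.0.0.20(445), 1 packet",
    "<190>43: Feb  5 05:04:19: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.7(1029) -> 10.0.0.20(1434), 3 packets",
    "<189>44: Feb  5 05:05:02: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down",
    "not a syslog line",
]

# Syslog priority header: <PRI>, where PRI = facility * 8 + severity (0..191).
PRI = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
ACL = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse(datagram):
    """Return a dict for one ACL hit, or None for any other input."""
    m = PRI.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None                      # missing or out-of-range priority
    pri = int(m.group(1))
    hit = ACL.search(m.group(2))
    if not hit:
        return None                      # valid syslog, but not an ACL log line
    rec = hit.groupdict()
    rec.update(facility=pri >> 3, severity=pri & 7)
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def denied_by_source(datagrams):
    """Total denied packets per (source IP, destination port)."""
    tally = Counter()
    for d in datagrams:
        rec = parse(d)
        if rec and rec["action"] == "denied":
            tally[(rec["src"], rec["dport"])] += rec["count"]
    return tally

if __name__ == "__main__":
    for (src, dport), n in denied_by_source(SAMPLE).most_common():
        print(f"{src} -> port {dport}: {n} denied packet(s)")
```

To use it live, feed `parse` each datagram read from a UDP socket bound to port 514, the standard syslog port.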
February 5th, 2005, 09:02 AM
Cisco comes highly recommended from me. I have a Cisco 2800 switch, and a Cisco 4000 router (and that is only my home network!). Learn the Cisco IOS (it isn't that hard) and it makes all their routers/switches/hubs/firewalls VERY configurable.
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
February 7th, 2005, 05:18 PM
Thanks for the replies guys. I am currently in the tech support/administration department in a network of 700+ computers. I can't make any decisions since I work there for another company, but the practices are a bit weird, as in all 8 admins had to go to each PC and change the local admin's password over a period of a week after working hours. I would have thought the main admins should have known about this......
Also suppose my computer is a standalone one without a router and I want to log all access to my box, sorta like a firewall but one which only listens....
BTW what's Cisco IOS??
Anyways I was interested in the security stuff and the stuff used in the company intrigues me, can't ask too many q's since I am supposed to do my job in there :/
February 8th, 2005, 01:26 AM
I misspoke, you can only change the local admin name in a group policy. You can't change the local admin password. You could, however, utilize the AT scheduler and change it that way with a "net user" command. That way you would not have to physically go to each machine.
As for the Cisco IOS, that is the operating system Cisco uses for its routers and switches. It's all command-line based, but some of their switches and PIX firewalls have GUI-based administration as well. IOS is Internet Operating System.
March 5th, 2005, 02:19 PM
Will the net user command be successful even if a power user logs on? If not, I don't suppose there's any way to do it......? :/
March 10th, 2005, 03:30 AM
Just make a batch file that runs the net user command to change your local admin password. Copy the batch file to the destination machines and use the AT scheduler to run the program as an administrator. That should do the trick.