-
January 24th, 2006, 01:38 PM
#11
Asp Old Man....
You're thinking a little too deeply maybe....
It really doesn't matter why X wouldn't give Z his password. It matters somewhat that Z tried to socially engineer your system and that X abetted in that act but you are trotting off down a series of complex and time-consuming "alleyways" when the answer may quite well be relatively simple.
If you are a Windows domain you can create OUs for the different locations and delegate a person in each location as a "local admin" - (They only have admin rights in their own OU). Then, if a user needs this kind of thing in the future they simply go to the delegate and request permission be granted to that file or that the file be moved/copied to an accessible location. The delegate can also reset passwords etc. if necessary.
Does that work? Small amount of training and you have beaten this issue...
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
January 24th, 2006, 01:51 PM
#12
I know I will get flamed for this but I can not resist. I recently read the book written by Kevin Mitnick called Art of Deception. And he has some really good ideas on preventing Social Engineering attacks. It was a fascinating read. I think it would give you a few good ideas on how to try and prevent these types of attacks from happening.
----------------------------------------------------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford
-
January 24th, 2006, 03:02 PM
#13
Thanks TS. I think the only thing against your suggestion is a lack of an audit trail on those remote admins. We have something that will be in place soon to do just that. We're having Quest InTrust installed which provides a lot of simplified reports from the servers and would allow the auditing of the activities of any remote admins.
I don't know how my boss and the Infrastructure Manager would feel about giving out delegate admin privileges even though it would be restricted to an OU. But with adequate controls in place to keep everyone happy it would most likely do the trick.
Please feel free to be smug
bAgZ - I know of the book but it's not one I've read yet, worth a mention though ta.
-
January 24th, 2006, 03:04 PM
#14
Er... I think you know I'm a smug old bastige at the best of times....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
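The per-location OU delegation suggested in post #11, together with the audit-trail check raised in post #13, as an added PowerShell example that is not from any poster in this thread. It assumes the ActiveDirectory module and the `dsacls` tool on a domain-joined admin host; the domain, location and group names are constructed placeholders.

```powershell
# Added example. Domain, location and group names are constructed placeholders.
Import-Module ActiveDirectory

$domainDn = 'DC=example,DC=com'     # assumed domain
$site     = 'Leeds'                 # assumed location name
$ouDn     = "OU=$site,$domainDn"
$group    = "$site-Delegates"       # hypothetical delegate group

# 1. One OU per location.
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDn'")) {
    New-ADOrganizationalUnit -Name $site -Path $domainDn `
        -ProtectedFromAccidentalDeletion $true
}

# 2. Delegate to a group rather than a named person, so membership
#    changes are themselves logged and easy to review.
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$group'")) {
    New-ADGroup -Name $group -SamAccountName $group `
        -GroupScope Global -GroupCategory Security -Path $ouDn
}

# 3. Grant only the helpdesk-style rights on user objects in this OU:
#    reset password, force change at next logon, unlock account.
#    /I:S = inherit to child objects only; CA = control access, WP = write property.
$trustee = "$((Get-ADDomain).NetBIOSName)\$group"
dsacls $ouDn /I:S /G "${trustee}:CA;Reset Password;user"
dsacls $ouDn /I:S /G "${trustee}:WP;pwdLastSet;user"
dsacls $ouDn /I:S /G "${trustee}:WP;lockoutTime;user"

# 4. Review what the group actually holds on the OU.
(Get-Acl "AD:\$ouDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $trustee } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritanceType

# 5. Audit trail: event 4724 (password reset attempt) in the Security log
#    of a domain controller. Requires "Audit User Account Management"
#    to be enabled; run this against each DC or a central log collector.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4724 } -MaxEvents 20 |
    Select-Object TimeCreated, Message
```

Step 3 deliberately stops short of Full Control on the OU, which keeps the delegate's reach limited to password and lockout operations.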