Re: physical security
From: Ulf B. Simon-Weidner [MVP] (nospam2-ulf_at_usw-consulting.com)
Date: 10/23/04
- Next message: Al Mulnick: "Re: physical security"
- Previous message: Ulf B. Simon-Weidner [MVP]: "Re: Upgrading to 2003 AD"
- In reply to: Z: "physical security"
- Next in thread: Al Mulnick: "Re: physical security"
- Reply: Al Mulnick: "Re: physical security"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 23 Oct 2004 13:10:12 -0700
"Z" <z@hotmail.com> wrote in message
news:eWKHxGTuEHA.3016@TK2MSFTNGP12.phx.gbl:
> Hi All,
>
> Earlier I heard about that the offline Active Directory database attack is
>
> possible and some tool is availabel to this attack.
> I would like to read more about this attack surface. Can someone point me
> to
> the right direction?
> I think it is a real threat in a branch-office environment, where is the
> physical security insufficient.
>
Hello Z.,
You'd be able to hack any machine if you have offline access to it.
Only using Hardware HDD Encryption Technologies makes it much harder.
Any client you have will expose all it's local used accounts if a
hacker gets it (e.g. Service Accounts for Software Distribution which
runs under Domain Administrator rights,...), and a DC holds all
accounts of a company so it exposes all if it's hacked.
You do not even need to get into the database, you'd be able to hack a
DC which you have physical access and run a brute force attack against
all accounts.
-- Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner WebSite: http://www.windowsserverfaq.org
- Next message: Al Mulnick: "Re: physical security"
- Previous message: Ulf B. Simon-Weidner [MVP]: "Re: Upgrading to 2003 AD"
- In reply to: Z: "physical security"
- Next in thread: Al Mulnick: "Re: physical security"
- Reply: Al Mulnick: "Re: physical security"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
