Author |
Topic  |
laser
Advanced Member
    
Australia
3859 Posts |
Posted - 25 October 2004 : 10:14:09
|
No ostrich approach at all :
quote:
1. Windows 2000 Guest account enabled on all computers.
2. All users have full Read/Write access to c:.
3. If you connect to the network without one of their computers, there is no proxy server enforced.
4. All data on all ports is allowed, no attempt to block MSN and AIM clients.
5. Access to installation service is granted to all users.
6. I can jump down to command.com and run commands.
7. If I kill off explorer.exe, then restart it, I have right-click enabled, and I can use 'Windows Explorer' to move around the hard disk and edit security permissions.
8. If I shell("cmd.exe /k <command>") I can run any command once, and get the output before cmd.exe says that it has been disabled by the administrator.
9. Any system files can be modified by any user.
then you say
quote: I could prevent all those things, they don't even make an attempt at security. THAT is why I say I'm better qualified to run this network.
I'd like to see how you enforce 3, but there could be a way.
The others ... if their firewalls are good (maybe they spend all their time on that), then the others are less important.
It really just depends on how anal you want to get with your SOE. I've seen the polar opposites : no cmd.exe; no start>run, no explorer, no nothing and you can't really work at all - I could still connect my machine and have no web proxy and full access because I had explorer.
Other companies, I didn't need my laptop because I had enough access to install what I wanted, etc.. |
 |
|
Dave.
Senior Member
   
USA
1037 Posts |
Posted - 25 October 2004 : 15:15:57
|
At work, we enforce #3.
Internet Gateway <> Firewall <> Proxy <> Routers. There is no way to get to the internet without going through our proxy server (unless you hack through it I guess).
I'm not saying that they can do everything, but I should not have access to the /WINNT folder, and be able to logon as guest. I somehow doubt that they have good firewalls. :/
|
 |
|
ruirib
Snitz Forums Admin
    
Portugal
26364 Posts |
Posted - 25 October 2004 : 16:07:35
|
Is this a discussion on how technically good they are, or on a purported violation of your rights? Frankly it looks like you know you did wrong (why would you panic if you were at ease about what you were doing?) and now it looks like you're just trying to depict them as morons as a way to remove attention from your own behavior.
I tell ya that you are sounding like some of those guys who hack into someone else's system just because they are "stupid enough" not to protect themselves as they should. Anytime you write, the image you give from your behavior does not improve. Just let it go. You did wrong, period. That should be the end of it. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
 |
|
cladon
Junior Member
 
Belgium
110 Posts |
Posted - 25 October 2004 : 18:20:48
|
I also agree that it was not a good attitude - but as a teacher or administrator I have no right to see what is on my students' hard disk (or mail) if they do not agree with it. |
 |
|
Nathan
Help Moderator
    
USA
7664 Posts |
Posted - 27 October 2004 : 02:15:35
|
I can't but reiterate what ruirib has said, but I can offer some suggestions for improving your situation a little.
See what you can do to get to know the network admins, it will be good practice for university when you need to learn to suck up to aloof profs. If they know who you are, what you do, and that you're not a threat, then you should not have a problem.
Of course, if you are doing anything the network admin wouldn't appreciate then you should consider yourself lucky that they only did what they did. |
Nathan Bales CoreBoard | Active Users Download |
 |
|
Nikkol
Forum Moderator
    
USA
6907 Posts |
Posted - 27 October 2004 : 11:15:05
|
And I would add (being one of those "stupid" IT people in a school district) that what you should do Dave is put your talents to work. Request a meeting with the IT people. Show them that you have discovered security holes in the network. Give them suggestions for fixing it. And volunteer to help them do it.
I'm sure that you are not "hacking" for malicious reasons. You probably just like to see what you can do and what access you have. If that is the case, you could be a valuable resource to the school to let them know the problems you find.
If they accept your offer to help, what a wonderful thing for a resume. That you helped your school secure their network. |
Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~ |
 |
|
Dave.
Senior Member
   
USA
1037 Posts |
Posted - 27 October 2004 : 17:16:23
|
quote: Originally posted by Nikkol
And I would add (being one of those "stupid" IT people in a school district) ...
I wouldn't consider you stupid, I'd consider -them- and them only stupid. Maybe it sounded like I made a generalization? I meant they are stupid, not all school-IT staff.
I'm attempting to meet with them sometime soon... |
 |
|
Panhandler
Average Member
  
USA
783 Posts |
Posted - 27 October 2004 : 17:50:13
|
quote: Originally posted by cladon
I also agree that it was not a good attitude - but as a teacher or administrator I have no right to see what is on my students' hard disk (or mail) if they do not agree with it.
If you suspect theft or misdeed, you have a responsibility to see what's on your students' hard disk (or mail) whether they agree with it or not.
If it were a threat and you saw the behavior described in the original post, wouldn't you be responsible to take measures?
Consider the shooting, murder and bombing in schools (see Littleton, CO); it becomes very much the teacher's responsibility to seize and search under these circumstances.
As for a 16-year-old student with ego-swollen technical superiority; remember that 6 years ago, he was only 10 and in 6 more years he will only be 22 years old. There's a lot of learning yet to go, and more beyond that.
Honor & responsibility are things spoken of, but not well taught in school. As a teacher, they may not be on your lesson plan, but they should be in your mind constantly, as these are the things learned by example if not by book.
|
"5-in-1 Snitz Common Expansion Pack" - five popular mods packaged for easy install ". . .on a mote of dust, suspended in a sunbeam. . ." HarborClassifieds Support Snitz Forums
|
 |
|
Nikkol
Forum Moderator
    
USA
6907 Posts |
Posted - 27 October 2004 : 20:58:41
|
quote: Originally posted by Dave.
I'm attempting to meet with them sometime soon...
Good! Just remember to be courteous and respectful. Don't act like you think you know more than them or they will turn a deaf ear to you. And another suggestion ... start off by apologizing for your actions the other day and explain that you weren't doing anything to harm their network ... then lead into something like "however, I have discovered some things that may be security holes in the network if you would like me to share them with you." |
Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~ |
Edited by - Nikkol on 27 October 2004 20:59:06 |
 |
|
pdrg
Support Moderator
    
United Kingdom
2897 Posts |
Posted - 28 October 2004 : 04:29:36
|
Yay! You could walk out of this one as a winner once you show them about the security holes and offer to work with them to resolve them (they will probably not just give you root just yet - this is a good thing). And who knows if you manouevre (sp?) yourself into a tier-2 support position you may even have a beer-money revenue stream for when you leave school to work or go to college. It will also impress colleges and employers, may just give you that edge?
Good luck man :) |
 |
|
Classicmotorcycling
Development Team Leader
    
Australia
2085 Posts |
Posted - 28 October 2004 : 07:00:30
|
I do not think it would be a good idea to meet with the Administrator of the school's Network and tell the school what you have found wrong with the Network there, as it would only prove their theory correct, and that is that you were hacking into the school's Network. Then you can expect to be thrown out of school and possible charges laid.
I would keep your mouth closed and say nothing. Cop it on the chin and say "fair enough, enough is enough" and let it drop. I am sure if you get their backs up by showing their inability to do their work they will call in the cops and you had just told them what was wrong with their Network, so it would be counted as evidence and give the police ample enough to seize your computers (which includes your home PC).
|
Cheers, David Greening |
 |
|
cladon
Junior Member
 
Belgium
110 Posts |
Posted - 28 October 2004 : 10:17:00
|
quote: If you suspect theft or misdeed, you have a responsibility to see what's on your students' hard disk (or mail) whether they agree with it or not.
If it were a threat and you saw the behavior described in the original post, wouldn't you be responsible to take measures?
Yes, that is correct. But that is also the problem. There have to be facts so you can prove your suspicions. When you only see things, that is not proof; it can also be an impression. There is also the right to privacy... |
 |
|
Dave.
Senior Member
   
USA
1037 Posts |
Posted - 28 October 2004 : 17:28:10
|
quote: Originally posted by Classicmotorcycling
I do not think it would be a good idea to meet with the Administrator of the school's Network and tell the school what you have found wrong with the Network there, as it would only prove their theory correct, and that is that you were hacking into the school's Network. Then you can expect to be thrown out of school and possible charges laid.
I would keep your mouth closed and say nothing. Cop it on the chin and say "fair enough, enough is enough" and let it drop. I am sure if you get their backs up by showing their inability to do their work they will call in the cops and you had just told them what was wrong with their Network, so it would be counted as evidence and give the police ample enough to seize your computers (which includes your home PC).
Then I just won't say anything.
Now they have disabled our ability to save to our USB flash disks... great. |
 |
|
laser
Advanced Member
    
Australia
3859 Posts |
Posted - 28 October 2004 : 17:47:27
|
So maybe they did know what was open on their network, but decided to leave it open for the goodness of all. Now they think/realise that people could be exploiting the openness for the wrong reasons, and hence are tightening the security.
Obviously they know how to do some things well then  |
 |
|
Dave.
Senior Member
   
USA
1037 Posts |
Posted - 28 October 2004 : 18:06:33
|
quote: Originally posted by laser
So maybe they did know what was open on their network, but decided to leave it open for the goodness of all. Now they think/realise that people could be exploiting the openness for the wrong reasons, and hence are tightening the security.
Obviously they know how to do some things well then 
I could still use a floppy to do whatever I want, it's just that I don't have an FDD on my laptop, so I generally don't use them. I could still download the file from the internet, or use a CD, it's just an inconvenience that I can't use USB. |
 |
|