An enterprise full of hackers


RickDash

I work in an enterprise of over 5000 employees, every one of them I do not
trust. What is the best method of securing administrative machines to
keep curious users away from them? Our enterprise is a mixed
w2k3, win2k, NT4 server environment and win xp pro, win2k pro and nt4
desktop environment. We have over 2500 mobile users to boot. We have
noticed in several audits of our administrative machines that other users
have been attempting access to admin machines. Is there a way of hiding
the machines themselves and still allow rdp from administrators over the
network or vpn etc.?
 
RickDash said:
I work in an enterprise of over 5000 employees, every one of them I do
not trust. What is the best method of securing administrative
machines to keep curious users away from them? Our enterprise is a
mixed w2k3, win2k, NT4 server environment and win xp pro, win2k pro and
nt4 desktop environment. We have over 2500 mobile users to boot.
We have noticed in several audits of our administrative machines that
other users have been attempting access to admin machines. Is there a
way of hiding the machines themselves and still allow rdp from
administrators over the network or vpn etc.?


I'd probably post this in a Windows server group if I were you.

Some basics? Make sure you have good physical security in place (nothing
else really matters as much). Don't give any users more than regular 'user'
rights. Use only NTFS. Use the Windows firewall. Don't allow non-admins to
use RD. Use group policy (but it won't work for your NT boxen; they ought to
be upgraded / replaced anyway at this point!). Enable strict auditing,
complex passwords, forced changes, forced pw-protected screensavers.
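
One way to apply the "Use the Windows firewall" and "Don't allow non-admins to use RD" advice above so that an admin machine answers RDP only from administrators' addresses. This is an added example, not part of the original thread. It assumes Windows XP SP2 or Server 2003 SP1, where the `netsh firewall` context exists (it does not exist on Windows 2000 or NT4), and the subnet 10.10.50.0/24 is a made-up placeholder for the admin workstation or VPN address pool.

```batch
@echo off
rem Added example. ADMIN_NET is an assumed placeholder, not a value from the thread.
set ADMIN_NET=10.10.50.0/24

rem Turn the firewall on and allow the configured exceptions to apply.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem Remote Desktop (TCP 3389) is reachable only from the admin subnet.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=CUSTOM addresses=%ADMIN_NET%

rem Close the services that make the machine visible and reachable to ordinary users.
netsh firewall set service type=FILEANDPRINT mode=DISABLE
netsh firewall set service type=REMOTEADMIN mode=DISABLE

rem Do not answer ping (ICMP echo request, type 8).
netsh firewall set icmpsetting type=8 mode=DISABLE

rem Log dropped packets so probing attempts show up in pfirewall.log for the audits.
netsh firewall set logging droppedpackets=ENABLE connections=ENABLE

rem Review the resulting configuration.
netsh firewall show config
```

Who may log on over RDP is controlled separately, by membership of the local Remote Desktop Users group and the "Allow log on through Terminal Services" user right; the firewall scope only limits which source addresses can reach the port.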
 
RickDash said:
I work in an enterprise of over 5000 employees, every one of them I do not
trust. What is the best method of securing administrative machines to
keep curious users away from them? Our enterprise is a mixed
w2k3, win2k, NT4 server environment and win xp pro, win2k pro and nt4
desktop environment. We have over 2500 mobile users to boot. We have
noticed in several audits of our administrative machines that other users
have been attempting access to admin machines. Is there a way of hiding
the machines themselves and still allow rdp from administrators over the
network or vpn etc.?

This is a complex subject that doesn't lend itself to the quick answers you
can get in a newsgroup. Instead, spend some time reading the information at
Microsoft's TechNet. The TechNet site is filled with "best practices" for
securing your Windows server networks.

Also, with such a large organization I'm sure that you have a support
contract with Microsoft. Call them and have them help you. The server
support team is excellent.

Malke
 
Lanwench [MVP - Exchange] said:
In RickDash (e-mail address removed) typed:
I work in an enterprise of over 5000 employees, every one of them I do
not trust. What is the best method of securing administrative
machines to keep curious users away from them? Our enterprise is a
mixed w2k3, win2k, NT4 server environment and win xp pro, win2k pro and
nt4 desktop environment. We have over 2500 mobile users to boot.
We have noticed in several audits of our administrative machines that
other users have been attempting access to admin machines. Is there a
way of hiding the machines themselves and still allow rdp from
administrators over the network or vpn etc.?


I'd probably post this in a Windows server group if I were you.

Some basics? Make sure you have good physical security in place (nothing
else really matters as much). Don't give any users more than regular 'user'
rights. Use only NTFS. Use the Windows firewall. Don't allow non-admins to
use RD. Use group policy (but it won't work for your NT boxen; they ought to
be upgraded / replaced anyway at this point!). Enable strict auditing,
complex passwords, forced changes, forced pw-protected screensavers.

All this has been done but they keep finding avenues of exploration.
What I was trying to find is a way of hiding the machine from network
view while still maintaining remote access.
 
RickDash said:
Lanwench [MVP - Exchange] said:
In RickDash (e-mail address removed) typed:
I work in an enterprise of over 5000 employees, every one of them I do
not trust. What is the best method of securing administrative
machines to keep curious users away from them? Our enterprise is a
mixed w2k3, win2k, NT4 server environment and win xp pro, win2k pro and
nt4 desktop environment. We have over 2500 mobile users to boot.
We have noticed in several audits of our administrative machines that
other users have been attempting access to admin machines. Is there a
way of hiding the machines themselves and still allow rdp from
administrators over the network or vpn etc.?


I'd probably post this in a Windows server group if I were you.

Some basics? Make sure you have good physical security in place (nothing
else really matters as much). Don't give any users more than regular 'user'
rights. Use only NTFS. Use the Windows firewall. Don't allow non-admins to
use RD. Use group policy (but it won't work for your NT boxen; they ought to
be upgraded / replaced anyway at this point!). Enable strict auditing,
complex passwords, forced changes, forced pw-protected screensavers.

All this has been done but they keep finding avenues of exploration.
What I was trying to find is a way of hiding the machine from network
view while still maintaining remote access.

If they can't get into it, who cares if they can see it?

What you have here is more of an HR issue than a technical one. As a wise
man said, "There are seldom good technological solutions to behavioral
problems" - if you have a written computer use policy that states that users
cannot do XYZ, and they do XYZ, make sure management knows about it.

If you don't have a written computer use policy, get one.
 
RickDash said:
I work in an enterprise of over 5000 employees, every one of them I do not
trust. What is the best method of securing administrative machines to
keep curious users away from them? Our enterprise is a mixed
w2k3, win2k, NT4 server environment and win xp pro, win2k pro and nt4
desktop environment. We have over 2500 mobile users to boot. We have
noticed in several audits of our administrative machines that other users
have been attempting access to admin machines. Is there a way of hiding
the machines themselves and still allow rdp from administrators over the
network or vpn etc.?


Other than physically restricting access, why are you letting your
users go probing around the network? In mine, if anyone goes using
Attacker or some other forensic tool to go probing around, they'll get
sniffed out and probably fired. They may get one chance to explain
themself. Just don't go locking all the house doors and putting metal
plate over the windows to keep out the band of gun shooting thugs.
Shoot back! Get company policy in place and make sure it gets
enforced. Only takes a couple of firings - and making it known - to
get many straightened out.
 
I work in an enterprise of over 5000 employees, every one of them I do not
trust.

The "Office of The Sheriff, City of Jacksonville, Florida"?

Scary.
 