[rescue] two-factor authentication (topic change)
Big Endian
bigendian at mac.com
Tue Feb 26 16:23:55 CST 2002
>I've walked into sites where:
>1) All machines were ON the internet. We're talking a router plugged
>into a hub. You get the picture.
I work at one that was like this till I got here. Took 4 MONTHS to
get approval for a firewall kludge, 7-8 before I could setup a proper
system.
>2) Network had the best firewalls, IDS systems and VPN solutions
>implemented -- and the damn sysadmins poked tcp/23 through the firewall
>so they could telnet from home. UUUUUUUAAAHHHHHHHHHH *slam*slam*slam*
nope.
>3) Same network as #2 - they had a modem running in AA mode plugged
>into the back of their main AIX box - and when you connected you got a
>shell prompt! AAAHAHHHHHHHHHHH
Oy.
>4) NT VPN access - accounts had a password of 'password'
WOrked there too.
>Ah, the list could go on and on....
oh yes.
>Sometimes being a security guy is a lesson in patience, understanding
>and utter fricking stupidity.
Isn't that the life of any sysadmin?
daniel
--
-----------------------------------------------------------------
"Fragile. Do not drop." -- Posted on a Boeing 757.
More information about the rescue
mailing list