[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
RE: [Plug] Re:NT/W95 Login Authentication Schemes
|
Later versions of Foolproof are pretty good. The earlier versions were
pretty easy to get around (actually extremely easy). But, (and I forget
whether this is an NT security bug or a Foolproof one) there's an obscure
bug that allows you (once in a while) to access files you're not supposed to
through IE. You just have to keep trying and eventually you'll get in. I
hope somebody can clear up the confusion as to where this security flaw lies
(NT or Foolproof). It's been too long.
Just to clarify, I want a scheme that does NOT just require a password. It
must use something harder to just look at somebody's keyboard or tell a
buddy, like a keycard or something.
-Laktar, a.k.a. Nick Rosen, laktar.dyndns.org
If I Ever Became An Evil Overlord:
27. I will never build only one of anything important. All important systems
will have redundant control panels and power supplies. For the same reason I
will always carry at least two fully loaded weapons at all times.
-- Peter's Evil Overlord List,
http://www.eviloverlord.com/lists/overlord.html
From: "Jack Wilkinson" <jackw@jounce.net>
Reply-To: plug@lists.nothinbut.net
To: <plug@lists.nothinbut.net>
Subject: RE: [Plug] Re:NT/W95 Login Authentication Schemes
Date: Wed, 8 Sep 1999 17:15:02 -0400
additionally, we in Central Bucks School District use FoolProof... Fortres
caused a lot of problems on our systems, and was hacked quite often. It
automatically logs into a "startup" user mode which has few permissions by
default (only able to run programs on the desktop and start menu and save
to
removable disks). Then you just click a tray icon to login as the
superuser
or another class of user that you create.
I like it, and it seems to work, especially with a district of ~20,000
students, the only students who have ever gotten past it are those who do
computer work for the district and are given the password.
> -----Original Message-----
> From: plug-admin@lists.nothinbut.net
> [mailto:plug-admin@lists.nothinbut.net]On Behalf Of Sulfare.Jim.DMM
> Sent: Wednesday, September 08, 1999 4:56 PM
> To: plug@lists.nothinbut.net; plug@lists.nothinbut.net
> Subject: [Plug] Re:NT/W95 Login Authentication Schemes
>
>
> I built a system and used the following security software.
>
> http://www.fortres.com/
>
> you can download a demo..
>
> It has been running for two years now and has only been hacked
> once by a student
> (which he lost his summer job) it was possible because I didn't
> turn on the BIOS
> protection after working on the machine.
>
> Oh yea it is cheap for schools..
>
> Let me know what you think.. I may be able to help you with this.
>
>
> -jimS
>
> ____________________Reply Separator____________________
> Subject: [Plug] NT/W95 Login Authentication Schemes
> Author: <plug@lists.nothinbut.net>
> Date: 9/8/99 12:32 PM
>
> (skip ahead to next paragraph for just the good stuff)
> My high school is attempting to give every student a password for
> login into
> the school computers. This is login to do anything on the
> computers. They've
> already attempted to implement this, but the software they
> purchased proved
> incompatible (hehehe). I am trying everything in my power to stop
> this from
> happening as it's a really really bad idea. This isn't a college.
> This is a
> high school. It also happens to be a high school with a rather
> large set of
> computer literate malcontents (myself included). Within a very
> short amount
> of time people would be logging in under other people's accounts and
> violating policy. Therefore, I'm looking for a solution.
> Fortunately I'm on
> very good terms w/ the head computer dude there and so we're
> going to try to
> put together a proposal for an alternative.
>
> What I've came up with so far is:
> s/key- I don't really know how this could be used for my situation
> securID- That's a card that gives you a key. It changes every minute so
> unlike a pass, if somebody steals just the number it gives, it's
> practically
> useless. A new card could be issued if the old one is lost. This
solution
> seems good, but expensive. Unfortunately Security Dynamics hung up on me
> when they discovered I was a high school student. Idiots.
> Challenge & Response- I've heard of this solution from Enigma,
> but I can't
> access their web site as listed in yahoo. I'm not even sure what it is.
> Some kind of keycard. I believe this just sends a string of text
> that can be
> captured into notepad or the like if borrowed. That shouldn't present
too
> much of a problem.
>
> So if anybody can give me some more details such as price, other
> solutions,
> and really anything else, please do. Just so you know, this must work
for
> about 1200 students plus faculty and hmm, I don't know how many
> computers.
> Probably between 100 and 300.
>
> -Laktar, a.k.a. Nick Rosen, laktar.dyndns.org
>
>
> If I Ever Became An Evil Overlord:
> 32. I will not fly into a rage and kill a messenger who brings me bad
news
> just to illustrate how evil I really am. Good messengers are hard to
come
> by.
> -- Peter's Evil Overlord List,
> http://www.eviloverlord.com/lists/overlord.html
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
>
> _______________________________________________
> Plug maillist - Plug@lists.nothinbut.net
> http://lists.nothinbut.net/mail/listinfo/plug
>
>
>
>
_______________________________________________
Plug maillist - Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
_______________________________________________
Plug maillist - Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug
|
|