Home page logo

basics logo Security Basics mailing list archives

Re: Mass Machine Login
From: Brian Loe <knobdy () gmail com>
Date: Tue, 24 Jan 2006 10:34:20 -0600

On 1/23/06, Adam Kane <kane () linkitsoftware com> wrote:
 Ryan Cummings wrote:
-----Original Message-----
From: Ryan Cummings [mailto:ryan.r.cummings () gmail com]
Sent: Tuesday, January 17, 2006 10:06 PM
To: security-basics () securityfocus com
Subject: Mass Machine Login

I feel having the same login/password on all 75 computers is a bad
security practice.

I think that in some environments - a call center for instance - an
auto-login actually improves security:
User base which is likely volatile have no knowledge of password.
All users have the same access (for apps and network).
Less user administration - fewer opportunities to screw up.
Default password can be very complex and changed often - daily even,
for the most severely volatile user base.

That's just off the cuff. I've implemented this solution for these
reasons and many others, but essentially you wind up with a very
controlled environment with limited apps running or available and very
limited network access. Where I implemented it, for instance, the
users only had access to their browser and only had access to the
network enough to hit our internal webservers (which ran the app they
needed to get to).

Are you talking about logging into all the computers via SSH or FTP or
something like that or are you talking about having the computers
automatically log in when booted?

This is what I'm wondering more about - details are everything here.
As I recall, you are running XP machines, are they in AD? If so, you
should be able to very easily change the login for all of them  - for
good or just the next reboot. There are a ton of scripts available
from Microsoft to do just that.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]