Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Deeper Penetration
From: "J. Oquendo" <intrusion () ENGINEER COM>
Date: Thu, 16 Nov 2000 09:16:26 -0500


It's hard for something like Tivoli, or a reporting or monitoring tool that is installed on the domain and running 
agents, not to be installed as a privileged


Thats what groups are for and hopefully people don't forget that. Its also a good thing to run little neat toys like 
sudo aliong with expect scripts an networks which needs access levels at a higher norm than typical "mom-and-pop" 
networks.

sudo + ipsec + expect over tunneling is probably the best way to have something like Tivoli or any other montoring 
service set up in my opinion. Sure its a bit of a b#tch to set up but thats the fun part.


For someone breaking into something, those services that are running as accounts other than LocalSystem or local 
accounts, can be a great thing to find!


For someone configuring these services I would hope they would be more clueful when assessing security. Then again if 
this were so many security gurus would be poor :O

sil () disgraced org
sil () antioffline com

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault