Penetration Testing mailing list archives
Re: [PEN-TEST] Deeper Penetration
From: Clem Colman <clem () colmancomm com>
Date: Thu, 16 Nov 2000 01:35:48 -0500
<snip>
It's hard for something like Tivoli, or a reporting or monitoring tool that is installed on the domain and running agents, not to be installed as a privileged
True. My thinking would be that to limit impact the services on member servers should run under the privilege of a local account or a domain account that has minimal rights in a domain context. This is particularly true, as you noted, where there is an increased risk profile for the machine (ie Webserver exposed to net). At the risk of firing up an almost dead thread what are people's experiences like in the field? I've always thought that Defence in Depth would be much harder to attack, but most managers seem to prefer to put absolute trust in a couple of devices. Thoughts? Cheers, Clem.
Current thread:
- [PEN-TEST] Deeper Penetration thylacine (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Ryan Russell (Nov 16)
- <Possible follow-ups>
- Re: [PEN-TEST] Deeper Penetration Miller Scott Contr 30CS/FTI (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Clem Colman (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Riot (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Clem Colman (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Chris St. Clair (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Oliver Petruzel (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Oliver Petruzel (Nov 16)
- Re: [PEN-TEST] Deeper Penetration J. Oquendo (Nov 17)
- Re: [PEN-TEST] Deeper Penetration Beauregard, Claude Q (Nov 17)
- Re: [PEN-TEST] Deeper Penetration Clem Colman (Nov 17)