Solved

Win2k network

Posted on 2003-11-30
21
414 Views
Last Modified: 2011-10-03
at my school we have a network up where all the clients are running windows 2000 and the servers i believe are running windows 2000 advanced server we recently had a problem with someone getting through all the security on the networking so then they took away the right for students to bring in personal computers like PDAs or Laptops i want to set up a meeting with the vice principal to get this resolved so that we can have them back what i need to know is how can we increase the security on the network.  The network i s a wired and wireless.  like i was thinkin the couls disablle the capabilty to creat batch files and things like that but i would like to hear some ideas thanks in advanced
John
0
Comment
Question by:Arthius
  • 5
  • 4
  • 3
  • +4
21 Comments
 
LVL 7

Accepted Solution

by:
wtrmk74 earned 20 total points
ID: 9846976
Schools usually have a very robust network!

Most likely...
They probably took the ability away from the students til they locate the security breach and patch their network.

It is however very common for schools to not allow outside PC connections to be established on there network. It is a major security threat to open the doors wide open to attack.

Sorry if that wasn't what you wanted to hear but it's safe to say you don't have a leg to stand on with this one.

Bottom line is that even the best systems in the world with the best security get cracked into...and if there choice is to close the doors to students logging in with their laptops than I agree with them!

I would assume in the meantime you can still log in at the school library right!

wtrmk74
0
 
LVL 6

Assisted Solution

by:Joseph_Moore
Joseph_Moore earned 105 total points
ID: 9846990
Ok, so a student brought in a laptop or a wireless PDA and hacked at least one of your Win2K servers? Is that correct?
Well then, let's go down the list.
All servers need to be up-to-date on patches/hotfixes/service packs.
All user accounts 1) need passwords, 2) need complex passwords (mixed case, alpha-numerics), 3) need at least logon failures audited, 4) and these audits need to be monitored.
Shared folder permissions, including NTFS Security permissions on the folders, need to be set properly, so that Everyone does not have Full Control. Only allow the accounts that need access, and only give them the appropriate access.
Make sure that passwords are not written down on Post-It notes and stuck on desks/tables/boards/monitors.
Check the Event Viewer logs on your servers for strange events.
Any IIS servers running? Check their logs.
Run the Microsoft Baseline Security Analyzier against the servers for recomendations on changes to make:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/mbsahome.asp
Apply a new security template using the Security Configuration & Analysis MMC snap-in:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/sag_SCMtopnode.asp

Just some ideas

0
 
LVL 2

Expert Comment

by:loral
ID: 9847045
Arthius,

When you say they got past the security, can you elaborate a little more?

Did they have a "guest" logon and were able to access folders they shouldn't; were they able to make a logon other than "guest" and logon on as an admin account; etc.?

If the currect administrator is sharing folders or drives and doesn't have permissions set strong enough against students, they just need to get someone that understands security to streamline the AD / Groups / Permissions.

Post a little more info please.  I know you're frustrated, but reading what you know is sometimes a bit vague.

loral
0
 

Author Comment

by:Arthius
ID: 9847077
ok here is the full story which i probilty should have posted for ya already.  but any was a friend of mine, they know who did all of it already, changed something on the school web site to f****** so they got mad and started investigating so they found out who did it and they wanted to know how he did it my friend used a simple batch file to view the c: drive considering we do have some security but the current admin is not that inteligant and could not figure out how to get auditing on so he posted on a fourm similar to this which i found funny. but any how on the c: dirve my friend looked at was a .txt file that contanted a password and username of a admin of the network so my friend desided to use it and from there gained a whole bunch of accsses to many different things and second nobody that has a major influence on the network really knows what they are doing which is a problem for me.  and this is a technical high school so we have two differnet classes dedicated to computers and networking so we have people that could run the network a little better but it is just not happing so i hope this helps thanks for ur post so far hopefully this can help even more i am not really that frustrated just mad lol any way thanks a lot and hopefully i can get them to change this new rule

John
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9847201
So we are suppose to believe that you are setting up a meeting with the vice principle
to talk about security and your friend is the one who "reads *.txt files" on an NTFS
win2k server containing plain text passwords and admin names?

Anyone who helps you here is not paying attention to what your saying. Your history
questions tell a larger story than the story your telling here.

I say go fish.
0
 

Author Comment

by:Arthius
ID: 9847221
what the heck are u talking about that file was on a client
and it only had one network admin file on it.  ok and second i am going the vice prncipal about getting the network more secure cause the personal computer are needed by some like me i use a PDA non wireless to take notes becuase my handwrint is horrible  

what are u talking about my history of question the only questions i have asked have had to do with my computer IE wine and one about wierless for the
Pda cause we were planing to setup wireless in my house but never did. i have not aslke any other question that might have told a larger story.
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9847395
>>my friend used a simple batch file to view the c: drive considering
we do have some security but the current admin is not that inteligant<<
So your "friend" is the one who breeched security. So your friend hacks
the schools computer and on the other hand "you" are trying to assist
the school in better security.

http://oldlook.experts-exchange.com/Networking/Broadband/DSL_Cable/Q_20719455.html
>>me and a friend live about a mile apart and we both have a cable
connection we want to connect our pcs so that my pc can see his
and vice versa<<
Let me guess, this isn't the friend who hacked the schools computer network.

>>i have not aslke any other question that might have told a larger story<<
The school network was compromised and your friend did the hack. No
large story to decipher here.
0
 

Author Comment

by:Arthius
ID: 9847483
first off yes it is the same friend but again that was personal use from my home computer to his hiome computer because if u read that therally it mentioned that we had d-link router if i am not mistaken and i know because i have worked on some wireing at the school that they use cisco routers.  and if u are trying to insinuate that my frined is me ur wrong because they caught to people and have supened them both for a unknown amoutn of time so therefor ei had nothing to do with what they did to our network i am trying to better the network becasue i want my PDA bac because that is what i use to take notes .  


on a side note i do not appriate the personal attacks i mearly was trying to get someknowledge on a subject as for the VPn over cable we were working on a project together and wanted to be able to easlily share files with ut the worry of emails and floppys and cdroms and if u look that post was mad a long time ago.
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9847610
>>my friend used a simple batch file to view the c: drive considering
we do have some security but the current admin is not that inteligant<<

>>they caught to people and have supened them both for a unknown amoutn of time<<

So now it was not your friend [or you] who accessed the school network with
the "not that intelligent" administrator?

What is the name of the school and what country/city is it in?
0
 

Author Comment

by:Arthius
ID: 9847652
that is relly none or ur business i do not appriate the personal attacks i mearly asked for help ok and u i have never said that my friend did not accesse the network he did but from inside the school and our netwoek admin is a complete moran ok i am not sure how he got the job i had nothing to do with the netowrk being breeched that was a frined of mine alright.  and the security i was talking about was theat we dont have " view" of things like c: drive or contol panell but there are student that know how to see them and my friend used a batch to view the c: he was not orignally looking for the admin pass.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 14

Expert Comment

by:spiderfix
ID: 9847797
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9847861
Tell the assistant Prinicipal to get an outside expert?
If your network is as bad as you say, and the IS/IT guys as bad as that, then they really need an outsource company to come in and straighten out the mess they have.
We could give you points to use, but the big issue here isn't about your using your PDA. Take a recorder.
The network needs good security finese, and neither you nor the Assistant prinicpal are in a position to recitify that.
0
 

Author Comment

by:Arthius
ID: 9847891
Spiderfix i dont know what ur trying to prove here and i dont know what that li=nk ment and yes i followed it and what thats leads to has nothing to do with considering what happened had nothing to do with an outside connection like ur tryingto imply to are tring to prove me guilty of a cirme that u dont have enough background iunfo about u say stuff like u have said
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 9848091
Arthius..   You have got to admit that some of this is hard to swallow.  But since I have been in too many situations where companies (or government for that matter) have the sorriest Network Administrators, I guess I will have to give you a little leeway here.  The Network of which you speak needs to completely overhauled and while I was at it I would hire a decent admin.  Good security is not hard to set up for a decent technician.  You don't even need to be MCSE to implement good security features.  The concepts are pretty simple (see Joseph Moore) and anyone worth their weight in salt (add a little experience and some forethought) can put it together.

And if you wanted to really get aggresive on the way security should be implemented in a University Environment, I believe Indiana Univ has had several articles written about their Network.  

And if all you want to do is to access internet resources and insulate the Intranet (the network Lan), just setup a separate Subnet and do not let it into the Network Subnet.  Lots of ways to do this.  

Or better yet, have them hire a good consultant.  We could use some extra cash for the Holidays.

FE
0
 
LVL 2

Expert Comment

by:loral
ID: 9850586
Arthius,

I think based on a lot of the vague responses, most are uneasy helping solve a problem like this or get involved any further.

To me, it would seem best that IF your school has any intention of allowing student access to the server, they should hire a tech or consultant to come in and go over the system.  Since this is a school and I assume, government owned (not private), there should be a regional IT manager that can take care of the security issues here, and allow limited access by students.

We've all heard the story of the "friend" that did this or that, and for that reason, I think you'll find most of us are not comfortable continuing making suggestions.  

If you were able to go into a meeting with your VP, I'm sure if you tell him that you "asked for help over the internet and here are some ideas these guys supplied"; I really doubt that considering the problem already, they are going to take your advice seriously.

There appears to be some real issues here on both sides.  Mainly, if they kept an admin passord in a text file in a drive someone accessed by a .bat file.......well, this is nothing I want my name associated with.

Much of what you're asking would take a 2 hour sit-down meeting to address; to try to resolve this with all parties involved in a text forum is doubtfully going to come to a conclusion that you will be happy enough to reward the points, regain access, and make the VP of your school assured that his system is again secure.

Good Luck,

Loral R. Johnson
SeaBreeze Computer Services
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 9850737
Well said, Loral.  A network security audit needs to be done here, and by someone that is On Site (knows what they are doing) and the resources that need to be accessed.

FE
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9851041
All in favor of an independant auditor to go onsite, say aye...
{Chorus of Ayes}
Dissenters... Someone gag him!
The Ayes have it... 8-)
0
 
LVL 7

Expert Comment

by:wtrmk74
ID: 9854125
This is the worst post I have seen...and to make it worse it is all speculation!

I think we would all have reasonable imput if there was any validation here.

end of line..................................................................................................................................................................
......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
`````crash and burn`````
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 9854778
Yea, it did get carried away a bit.  O well.
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9855633
Mrrmmph! Hey!
Ok, so the Gag line was a bit much... 8-)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
This video discusses moving either the default database or any database to a new volume.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now