Maybe one of you can suggest something here. I'm not finding much yet, possibly because I'm not finding it easy to define precise search terms for.
In short: One of our users here no longer requires a password to log in. That is, he gets the normal login box (for the NT domain) that asks for his login and password, but it accepts anything you put in the password box, even a blank password.
Once he's logged in, he can successfully access network resources on servers around the network with his normal rights, whether he entered his usual password, a totally random password or left the password box blank when he logged in.
Changing / resetting his password doesn't fix the situation.
Needless to say, I'm not really thrilled about this development.
His workstation is running XP Pro SP2. The authentication servers are running NT 4.0 SP6a. The servers he's successfully logging in to once authenticated are running various things.
If I wanted to give someone a link to a quick, concise document that introduces basic principles of Operational Security, what would you recommend? It should be business focused, not government. Also it should hit all the major points: door locks, shredding, challenging unknown persons, keycard/ID badge security, etc. Any help is mucho gracias.
I wonder if anyone saw this already and what do you think of it?
-----------------------------------
BP takes 18,000 laptops off LAN
And plugs them securely into the net...
Energy group BP has shifted thousands of its employees off its LAN in an attempt to repel organised cyber criminals.
Rather than rely on a strong network perimeter to secure its systems, BP has decided that these laptops have to be capable of coping with the worst that malicious hackers can throw at it, without relying on a network firewall....
--------------
full article: http://software.silicon.com/security/0,39024655,39156608,00.htm