Network Security: Detailed info on Admin rights via backdoors

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Basics

[Top] [All Lists]

Admin rights via backdoors

from [WALI] Network Security

[Permanent Link]

Subject:	Admin rights via backdoors
Date:	Fri, 09 Mar 2007 18:02:22 +0400

Hi Guys

I do understand the risks of seeing open ports on servers using nmap/nessus but need to demonstrate a concept to my managers, the need for segregating software developers and production environments, especially pertaining to an financial application being built in-house.

I maintain that getting admin rights into an application while bypassing logical access controls flowing down from Active directory or OS level is trivial for a programmer if he hard codes some backdoor entry ports replete with usernames and passwords. They disagree that if they have no AD rights granted on the resource (different AD domains / filers etc), there is no reason to physically isolate developers from production.

Is my contention conceptually correct? How can I demonstrate this with a dummy application?

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Hacking Book / Information, (continued) Re: Hacking Book / Information, Ivan . Re: Hacking Book / Information, reginap1 RE: Hacking Book / Information, J.M. Seitz Re: Hacking Book / Information, Ali, Saqib Re: Hacking Book / Information, Jeromey Hannel Re: Hacking Book / Information, Ankur Jindal Re: Hacking Book / Information, brain5ide Re: Hacking Book / Information, Deian Stefan Re: Hacking Book / Information, Gerhard Rickert Re: Hacking Book / Information, Nabil Alsharif Admin rights via backdoors, WALI <= RE: Admin rights via backdoors, Scott Ramsdell Re: Admin rights via backdoors, Adam Pridgen Re: Admin rights via backdoors, Demonic Software RE: Hacking Book / Information, lee Re: Hacking Book / Information, jfvanmeter Re: Hacking Book / Information, reginap1 RE: Hacking Book / Information, David Re: Hacking Book / Information, suahrm

Previous by Date:	Security Risks and contorls of Wireless mouse and keyboards, David Bergert
Next by Date:	RE: Hard disk Encryption, Johnny Wong
Previous by Thread:	Re: Hacking Book / Information, Nabil Alsharif
Next by Thread:	RE: Admin rights via backdoors, Scott Ramsdell
Indexes:	[Date] [Thread] [Top] [All Lists]