Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Windows local admin in a .edu environment.

from [Dan Lynch] Network Security [Permanent Link]
Subject: RE: Windows local admin in a .edu environment.
Date: Wed, 30 Jan 2008 08:09:53 -0800 
Locally, two high school students gained or were given access to a
teacher's laptop. Using the teacher's already logged in local admin
credentials, they installed a keystroke logger, captured passwords for
the grading system, and changed their semester grades.

http://www.theunion.com/article/20050310/NEWS/103100069

If the system can't be physically secured against an environment full of
mischievous kids, additional security is justified. Start with
appropriate policy, but don't rely on it.


Dan Lynch, CISSP
Information Technology Analyst
County of Placer


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Paul Halliday
Sent: Tuesday, January 29, 2008 4:31 PM
To: Security Basics Forum
Subject: Windows local admin in a .edu environment.

I am looking for insight (pros and cons) on the issue of granting
local admin rights to faculty and staff in a .edu setting. Let's
assume that the staff and faculty have direct access to core
administrative systems and portals like Sharepoint and Peoplesoft.

I have never thought of this argument as subjective (am I just being
anal?) but apparently I was wrong. I would love to hear the general
consensus on this issue. I am especially interested in what others in
.edu are doing.

Thanks.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Law Enforcement Foresics Tools, Rui Pereira (WCG)
Next by Date:  RE: Remote Branch reconfiguration, mgaysek
Previous by Thread:  Windows local admin in a .edu environment., Paul Halliday
Next by Thread:  Law Enforcement Foresics Tools, Michael Condon
Indexes:  [Date] [Thread] [Top] [All Lists]