Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Windows Vista Power Management & Local Security Policy

from [Good Securitypractice] Network Security [Permanent Link]
Subject: RE: Windows Vista Power Management & Local Security Policy
Date: Wed, 23 Jul 2008 13:16:06 -0400 
People in this discussion have been focusing on the technical aspects
rather than the people aspect.

The current power management system is MUCH more secure because people
do not have to be given an account on the machine for them to shut it
down.

This is helpful when an admin can not get to a machine that has to be
gracefully shutdown because of an impending power outage or
thunderstorms.  This can be a home computer, a computer in a dorm
room, a server in a hosting environment etc.

This is also very helpful in a kiosk environment where no one at the
place can be trusted with usernames and passwords to the computer.

As an example the computer operators in our server room do not have a
username or password on the servers but can gracefully bring them down
by pressing the power button.  Not having a username and password
shared amongst multiple operators or giving multiple operators access
to a server is not a good security practice either, especially on
sensitive computers.

Some people will say physical access is enough to compromise security
but we have cameras that record any unauthorized physical tampering.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  AST-2008-010: Asterisk IAX 'POKE' resource exhaustion, Asterisk Security Team
Next by Date:  [Full-disclosure] Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim, Jan MinÃÅ
Previous by Thread:  RE: Windows Vista Power Management & Local Security Policy, Greg
Next by Thread:  Re: Lateral SQL Injection Revisited - No Special Privs Required, a . polyakov
Indexes:  [Date] [Thread] [Top] [All Lists]