|
|
|
|
|
|||||||
 |
MCSE - http://judiciary.senate.gov/testimony.cfm?id=1085&wit_id=2514 |
|
|
Thread Tools | Search this Thread |
03-06-2004, 03:44 AM
|
#1 |
http://judiciary.senate.gov/testimony.cfm?id=1085&wit_id=2514
http://judiciary.senate.gov/testimon...85&wit_id=2514
Some excerpts: "Mr. _____ began working for the majority in the Nominations Unit of the Judiciary Committee on September 19, 2001. He was interviewed and hired by Mr. _____, the Republican Staff Director for the Committee at that time. Mr. _____'s responsibilities involved the handling and processing of nominations paperwork. Later he was given additional responsibilities, including researching for the Committee's attorneys and speaking with the Department of Justice's Legislative Affairs and Legal Policy representatives. He stated that he worked for Ms. _____ and Mr. _____. According to Mr. _____, he became aware that he could access the files of Democratic staff some time in October or November of 2001. He made this discovery after watching the Committee's Systems Administrator, Mr. _____, perform some work on his computer. An admittedly curious person, Mr. _____ attempted to duplicate what the System Administrator had done after Mr. _____ left his workspace. According to Mr. _____, he accessed "My Network Places/Entire Network/Judak." In so doing, he was able to observe all of the users' home directories. He then clicked on different folders to see which ones he could access; he was able to access some folders, but not others. The folders that he could access, he stated, belonged to both Republican and Democratic staff. .... The fact that not all security events were audited significantly inhibited this investigation because permission changes could not be analyzed on any computer. When a user account is created, the System Administrator assigns that user access to certain privileges and resources on the network. If the system is not properly configured, users may be able to change their level of access and privileges. Because the System Administrators were not auditing permission changes, the forensic review was unable to produce a history of who had access to the files containing the Democratic documents at issue. This trend of not fully logging security events began before the the Committee's server upgrade in April of 2003. When the Committee migrated from Windows NT to Windows 2000 in April 2003, the same log settings were preserved and, as a result, the logging continued to be inadequate for a comprehensive security audit. .... Our investigation revealed that some user home directories were set to "open" permissions and other home directories were set to "strict" permission. This appears to be a result of the Judiciary Committee Network having two System Administrators during the time frame in question. One System Administrator had very strict account policies in place and the other did not. .... In conversations I've had with Mr. _____ since we spoke, it has come to light that I was not instructed to set such user permissions on each folder under the old system. This was an oversight in teaching me how to set up the accounts. My assumption was that these permissions were restricted by some other means, and as I was taking over an already functioning system, I did not think to double check this area of security." G. Orme |
|
|
