Discussion in 'MCSE' started by G. Orme, Mar 6, 2004.

  1. G. Orme

    G. Orme Guest

    Some excerpts:

    "Mr. _____ began working for the majority in the Nominations Unit of the
    Judiciary Committee on September 19, 2001. He was interviewed and hired by
    Mr. _____, the Republican Staff Director for the Committee at that time. Mr.
    _____'s responsibilities involved the handling and processing of nominations
    paperwork. Later he was given additional responsibilities, including
    researching for the Committee's attorneys and speaking with the Department
    of Justice's Legislative Affairs and Legal Policy representatives. He stated
    that he worked for Ms. _____ and Mr. _____.
    According to Mr. _____, he became aware that he could access the files of
    Democratic staff some time in October or November of 2001. He made this
    discovery after watching the Committee's Systems Administrator, Mr. _____,
    perform some work on his computer. An admittedly curious person, Mr. _____
    attempted to duplicate what the System Administrator had done after Mr.
    _____ left his workspace. According to Mr. _____, he accessed "My Network
    Places/Entire Network/Judak." In so doing, he was able to observe all of the
    users' home directories. He then clicked on different folders to see which
    ones he could access; he was able to access some folders, but not others.
    The folders that he could access, he stated, belonged to both Republican and
    Democratic staff.
    The fact that not all security events were audited significantly inhibited
    this investigation because permission changes could not be analyzed on any
    computer. When a user account is created, the System Administrator assigns
    that user access to certain privileges and resources on the network. If the
    system is not properly configured, users may be able to change their level
    of access and privileges. Because the System Administrators were not
    auditing permission changes, the forensic review was unable to produce a
    history of who had access to the files containing the Democratic documents
    at issue. This trend of not fully logging security events began before the
    the Committee's server upgrade in April of 2003. When the Committee migrated
    from Windows NT to Windows 2000 in April 2003, the same log settings were
    preserved and, as a result, the logging continued to be inadequate for a
    comprehensive security audit.
    Our investigation revealed that some user home directories were set to
    "open" permissions and other home directories were set to "strict"
    permission. This appears to be a result of the Judiciary Committee Network
    having two System Administrators during the time frame in question. One
    System Administrator had very strict account policies in place and the other
    did not.
    In conversations I've had with Mr. _____ since we spoke, it has come to
    light that I was not instructed to set such user permissions on each folder
    under the old system. This was an oversight in teaching me how to set up the
    accounts. My assumption was that these permissions were restricted by some
    other means, and as I was taking over an already functioning system, I did
    not think to double check this area of security."
    G. Orme, Mar 6, 2004
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jim Nicholson

    Senate Coverage at CSPAN2

    Jim Nicholson, Feb 25, 2004, in forum: Computer Support
    Feb 26, 2004
  2. Rob Slade, doting grandpa of Ryan and Trevor

    REVIEW: "A Guide to Forensic Testimony", Fred Chris Smith/Rebecca Gurley Bace

    Rob Slade, doting grandpa of Ryan and Trevor, Jul 29, 2003, in forum: Computer Security
    Rob Slade, doting grandpa of Ryan and Trevor
    Jul 29, 2003
  3. Win
  4. T.N.O.

    Viewing a .cfm file - How? (Win95)

    T.N.O., Sep 2, 2003, in forum: NZ Computing
    Sep 9, 2003
  5. milan_9211


    milan_9211, Jan 10, 2011, in forum: Software
    Jan 10, 2011