Discussion in 'MCSE' started by G. Orme, Mar 6, 2004.

  1. G. Orme

    G. Orme Guest

    Some excerpts:

    "Mr. _____ began working for the majority in the Nominations Unit of the
    Judiciary Committee on September 19, 2001. He was interviewed and hired by
    Mr. _____, the Republican Staff Director for the Committee at that time. Mr.
    _____'s responsibilities involved the handling and processing of nominations
    paperwork. Later he was given additional responsibilities, including
    researching for the Committee's attorneys and speaking with the Department
    of Justice's Legislative Affairs and Legal Policy representatives. He stated
    that he worked for Ms. _____ and Mr. _____.
    According to Mr. _____, he became aware that he could access the files of
    Democratic staff some time in October or November of 2001. He made this
    discovery after watching the Committee's Systems Administrator, Mr. _____,
    perform some work on his computer. An admittedly curious person, Mr. _____
    attempted to duplicate what the System Administrator had done after Mr.
    _____ left his workspace. According to Mr. _____, he accessed "My Network
    Places/Entire Network/Judak." In so doing, he was able to observe all of the
    users' home directories. He then clicked on different folders to see which
    ones he could access; he was able to access some folders, but not others.
    The folders that he could access, he stated, belonged to both Republican and
    Democratic staff.
    The fact that not all security events were audited significantly inhibited
    this investigation because permission changes could not be analyzed on any
    computer. When a user account is created, the System Administrator assigns
    that user access to certain privileges and resources on the network. If the
    system is not properly configured, users may be able to change their level
    of access and privileges. Because the System Administrators were not
    auditing permission changes, the forensic review was unable to produce a
    history of who had access to the files containing the Democratic documents
    at issue. This trend of not fully logging security events began before the
    Committee's server upgrade in April of 2003. When the Committee migrated
    from Windows NT to Windows 2000 in April 2003, the same log settings were
    preserved and, as a result, the logging continued to be inadequate for a
    comprehensive security audit.
    Our investigation revealed that some user home directories were set to
    "open" permissions and other home directories were set to "strict"
    permission. This appears to be a result of the Judiciary Committee Network
    having two System Administrators during the time frame in question. One
    System Administrator had very strict account policies in place and the other
    did not.
    In conversations I've had with Mr. _____ since we spoke, it has come to
    light that I was not instructed to set such user permissions on each folder
    under the old system. This was an oversight in teaching me how to set up the
    accounts. My assumption was that these permissions were restricted by some
    other means, and as I was taking over an already functioning system, I did
    not think to double check this area of security."
    G. Orme, Mar 6, 2004
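
An added example, not part of the original post or the quoted report: a PowerShell check a file-server administrator could run to find home directories left with the "open" permissions the excerpt describes. The share path, the domain name, the list of expected principals, and the convention that each folder is named after its user's account are assumptions made for illustration.

```powershell
# Added example: list every Allow entry on a home directory that belongs to
# someone other than the folder's user or an expected administrative principal.
# Assumptions (not from the report): home folders sit directly under $HomeRoot
# and each folder name equals the owning account's logon name.
param(
    [string]$HomeRoot = '\\fileserver\home$',   # hypothetical share path
    [string]$Domain   = 'EXAMPLE'               # hypothetical NetBIOS domain name
)

# Principals that are expected on every home folder in addition to the user.
$expected = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'CREATOR OWNER',
    "$Domain\Domain Admins"
)

function Get-OpenHomeDirAce {
    param([string]$Root, [string]$Domain, [string[]]$Expected)

    foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
        $user = "$Domain\$($dir.Name)"          # account the folder belongs to
        $acl  = Get-Acl -LiteralPath $dir.FullName

        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow') { continue }        # Deny entries do not grant access
            if ($id -eq $user -or $Expected -contains $id) { continue } # expected entry

            # Anything left is a grant to another user or a broad group
            # (for example Everyone or Domain Users).
            [pscustomobject]@{
                Folder    = $dir.FullName
                Principal = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # True: fix the parent folder, not this one
            }
        }
    }
}

Get-OpenHomeDirAce -Root $HomeRoot -Domain $Domain -Expected $expected |
    Sort-Object Folder, Principal |
    Format-Table -AutoSize
```

This reports the current permissions only. A history of who changed them requires object-access auditing to be enabled with audit entries on the folders before the change happens.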