Penetration Testing mailing list archives

Re: password auditing


From: Tracy Reed <treed () ultraviolet org>
Date: Tue, 17 Nov 2009 10:52:46 -0800

On Tue, Nov 17, 2009 at 08:59:29AM -0600, Harris, Michael C. spake thusly:
> Make sure you have permission from the highest possible source, ISO,
> CIO, chairman of the board the higher the better.

Probably a good idea. Especially in a big corporation where things can
easily get out of control when the lawyers get their hands on
things. Learn the lesson of poor Randal Schwartz and his felony
convictions due to his work with Intel. In a smaller company (such as
mine) I wouldn't worry so much.

> Do not use a networked box, period.  Do it off line, and in a locked
> room. Lock the console whenever the auditor does not have eyes on

Might be a bit overkill but ok... Seems like all of the servers should
be in a locked room anyway.

> Lastly, be sure to at least 3x over write the drive with random pattern after the audit is complete too.

This has not been necessary for years and we really need to put an end
to this sort of cargo-cult security.

http://blogs.sans.org/computer-forensics/2009/01/15/overwriting-hard-drive-data/

And some analysis of modern techniques for recovering data and their
effectiveness:

https://blogs.sans.org/computer-forensics/2009/01/28/spin-stand-microscopy-of-hard-disk-data/

Executive summary: Data overwritten once is unrecoverable on any drive
made in the last 10 years. So do a single write pass from /dev/random
on working drives.

For non-functional drives or where overwriting is not possible
drilling holes is very sufficient for any business and personal
data. I recently used a 1/4" cobalt tip drill bit in my bench press on
a dozen failed drives containing sensitive information and then
pitched them to the recyclers.

For top secret data wanted by an enemy with unlimited resources where
you could not overwrite the data just once then recovery via Spin
Stand Microscopy from undamaged areas of the platter is possible at
great expense and weeks of constant work. Shattering the platter makes
this technique much harder rendering perhaps 80% of the data
unrecoverable. You are still best off with a cheap one time write of
the whole drive.

And as far as data recovery from failed drives goes this is rather
amusing:

http://blogs.sans.org/computer-forensics/2009/09/30/the-failed-hard-drive-the-toaster-oven-and-a-little-faith/

-- 
Tracy Reed
http://tracyreed.org
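The single overwrite pass recommended above, as an added shell example that is not part of the original message or its author's work. It uses a constructed 4 MiB image file as a stand-in for a disk, writes a recognisable marker into it, overwrites the whole thing once, and checks that a plain read can no longer find the marker. It draws from /dev/urandom rather than /dev/random (an assumption of this example: on older Linux kernels /dev/random blocks when the entropy pool is drained, so a whole-disk write from it would crawl, and the output is equally unrecoverable for this purpose). The device path, marker string and sizes are all made up for the demonstration.

```shell
#!/bin/sh
# Added example; not code from the original post or its author.
# One overwrite pass over a "drive" (a constructed 4 MiB image file
# standing in for a block device), then a check that the old contents
# can no longer be read back.
# Assumptions: POSIX sh with dd, head, grep, wc, mktemp and tr available.
# /dev/urandom is used instead of /dev/random because /dev/random can
# block on old kernels once the entropy pool is empty.
set -eu

MARKER='SECRET-PAYROLL-2009'   # constructed stand-in for sensitive data

# Build the constructed image: 4 MiB of zeros with the marker in the
# middle. Prints the path of the image.
make_drive() {
    img=$(mktemp)
    dd if=/dev/zero of="$img" bs=1048576 count=4 2>/dev/null
    printf '%s' "$MARKER" | dd of="$img" bs=1 seek=2097152 conv=notrunc 2>/dev/null
    echo "$img"
}

# Exit 0 if the marker can still be found by a plain read of the target.
marker_present() {
    grep -q -a "$MARKER" "$1"
}

# Size in bytes of a regular file. For a real device use
# "blockdev --getsize64 /dev/sdX" or "lsblk -b" on Linux instead.
byte_size() {
    wc -c < "$1" | tr -d ' '
}

# One pass of random data across the whole target. For a real disk the
# target is the device node (e.g. /dev/sdX, a hypothetical name), run as
# root, after double-checking it is the right disk. Two cheap sanity
# checks afterwards: the length is unchanged and the first sector is not
# still all zeros. Neither is a forensic guarantee, only proof the write
# actually landed end to end.
wipe_once() {
    target=$1
    size=$(byte_size "$target")
    head -c "$size" /dev/urandom | dd of="$target" bs=1048576 conv=notrunc 2>/dev/null
    [ "$(byte_size "$target")" -eq "$size" ] || return 1
    [ "$(head -c 512 "$target" | tr -d '\000' | wc -c | tr -d ' ')" -gt 0 ] || return 1
}

# Whole flow: build, confirm the marker is readable, wipe once, confirm
# it is gone. Returns 0 when the single pass removed the marker.
wipe_demo() {
    img=$(make_drive)
    if ! marker_present "$img"; then
        echo "setup failed: marker not written" >&2; rm -f "$img"; return 2
    fi
    wipe_once "$img"
    if marker_present "$img"; then
        echo "marker still readable after overwrite" >&2; rm -f "$img"; return 1
    fi
    echo "single pass complete: marker no longer readable from $img"
    rm -f "$img"
}
```

Run `wipe_demo` to see the whole flow on the throwaway image. Pointing `wipe_once` at a real device node needs root and, if the disk is in use, unmounting first; the read-back check is only a sanity check that the write covered the device, which is the part that actually matters for a one-pass wipe.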
