[Veritas-bu] jnbSA just sucks
2002-11-26 23:20:50
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C295CC.5E6DDB00
Content-Type: text/plain;
charset="iso-8859-1"
You could fix this problem with the careful application of NT permissions.
Nobody gets read or execute permissions but your login.
-----Original Message-----
From: briandiven AT northwesternmutual DOT com
[mailto:briandiven AT northwesternmutual DOT com]
Sent: Tuesday, November 26, 2002 9:07 AM
To: bluejay AT fujigreenwood DOT com; dan.sixbury AT aquila DOT com;
veritas-bu AT mailman.eng.auburn DOT edu
Subject: RE: [Veritas-bu] jnbSA just sucks
I tested this and it is a huge security hole. I re-booted my PC and had
another person logon and they could fire up the Admin Console as if it
were me sitting here.
There actually is not a login/password, but simply a verification of
your system # as defined as a Server.
-----Original Message-----
From: dan.sixbury [SMTP:dan.sixbury AT aquila DOT com]
Sent: Tuesday, November 26, 2002 9:32 AM
To: bluejay; veritas-bu
Subject: RE: [Veritas-bu] jnbSA just sucks
If I remember correctly, you still have to use a login / password when
using the admin console. So even if someone gained access to your PC
they
would need a userid / password for NetBackup administration.
Dan
-----Original Message-----
From: Adametz, Bluejay [mailto:bluejay AT fujigreenwood DOT com]
Sent: Tuesday, November 26, 2002 6:03 AM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: RE: [Veritas-bu] jnbSA just sucks
> Once the software is installed, you need to update "bp.conf"
> on the media
> servers(s) and add "SERVER" entry of the client host(where the
> Administration Console is installed).
But then does anyone who sits down at your PC have admin access to
Netbackup?
- Bluejay Adametz
Definition: Kedophobia n. The fear of having one's sneakers eaten by the
escalator's teeth.
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
------_=_NextPart_001_01C295CC.5E6DDB00
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>RE: [Veritas-bu] jnbSA just sucks</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>You could fix this problem with the careful =
application of NT permissions. Nobody gets read or execute =
permissions but your login. </FONT></P>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: briandiven AT northwesternmutual DOT com</FONT>
<BR><FONT SIZE=3D2>[<A =
HREF=3D"mailto:briandiven AT northwesternmutual DOT com">mailto:briandiven@nort=
hwesternmutual.com</A>]</FONT>
<BR><FONT SIZE=3D2>Sent: Tuesday, November 26, 2002 9:07 AM</FONT>
<BR><FONT SIZE=3D2>To: bluejay AT fujigreenwood DOT com; =
dan.sixbury AT aquila DOT com;</FONT>
<BR><FONT SIZE=3D2>veritas-bu AT mailman.eng.auburn DOT edu</FONT>
<BR><FONT SIZE=3D2>Subject: RE: [Veritas-bu] jnbSA just sucks</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>I tested this and it is a huge security hole. I =
re-booted my PC and had</FONT>
<BR><FONT SIZE=3D2>another person logon and they could fire up the =
Admin Console as if it</FONT>
<BR><FONT SIZE=3D2>were me sitting here.</FONT>
</P>
<P><FONT SIZE=3D2>There actually is not a login/password, but simply a =
verification of</FONT>
<BR><FONT SIZE=3D2>your system # as defined as a Server.</FONT>
</P>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: =
dan.sixbury [SMTP:dan.sixbury AT aquila DOT com]</FONT>
<BR><FONT SIZE=3D2>Sent: Tuesday, =
November 26, 2002 9:32 AM</FONT>
<BR><FONT SIZE=3D2>To: =
bluejay; veritas-bu</FONT>
<BR><FONT SIZE=3D2>Subject: RE: [Veritas-bu] jnbSA =
just sucks</FONT>
</P>
<P><FONT SIZE=3D2>If I remember correctly, you still have to use a =
login / password when</FONT>
<BR><FONT SIZE=3D2>using the admin console. So even if someone =
gained access to your PC</FONT>
<BR><FONT SIZE=3D2>they</FONT>
<BR><FONT SIZE=3D2>would need a userid / password for NetBackup =
administration.</FONT>
</P>
<P><FONT SIZE=3D2>Dan</FONT>
</P>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Adametz, Bluejay [<A =
HREF=3D"mailto:bluejay AT fujigreenwood DOT com">mailto:[email protected]=
om</A>]</FONT>
<BR><FONT SIZE=3D2>Sent: Tuesday, November 26, 2002 6:03 AM</FONT>
<BR><FONT SIZE=3D2>To: veritas-bu AT mailman.eng.auburn DOT edu</FONT>
<BR><FONT SIZE=3D2>Subject: RE: [Veritas-bu] jnbSA just sucks</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>> Once the software is installed, you need to =
update "bp.conf" </FONT>
<BR><FONT SIZE=3D2>> on the media</FONT>
<BR><FONT SIZE=3D2>> servers(s) and add "SERVER" entry of =
the client host(where the</FONT>
<BR><FONT SIZE=3D2>> Administration Console is installed). </FONT>
</P>
<P><FONT SIZE=3D2>But then does anyone who sits down at your PC have =
admin access to</FONT>
<BR><FONT SIZE=3D2>Netbackup?</FONT>
</P>
<P><FONT =
SIZE=3D2> &nb=
sp; &nb=
sp; &nb=
sp; - Bluejay Adametz</FONT>
</P>
<P><FONT SIZE=3D2>Definition: Kedophobia n. The fear of having one's =
sneakers eaten by the</FONT>
<BR><FONT SIZE=3D2>escalator's teeth. </FONT>
<BR><FONT =
SIZE=3D2>_______________________________________________</FONT>
<BR><FONT SIZE=3D2>Veritas-bu maillist - =
Veritas-bu AT mailman.eng.auburn DOT edu</FONT>
<BR><FONT SIZE=3D2><A =
HREF=3D"http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu" =
TARGET=3D"_blank">http://mailman.eng.auburn.edu/mailman/listinfo/veritas=
-bu</A></FONT>
<BR><FONT SIZE=3D2>_______________________________________________</FONT=
>
<BR><FONT SIZE=3D2>Veritas-bu maillist - =
Veritas-bu AT mailman.eng.auburn DOT edu</FONT>
<BR><FONT SIZE=3D2><A =
HREF=3D"http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu" =
TARGET=3D"_blank">http://mailman.eng.auburn.edu/mailman/listinfo/veritas=
-bu</A></FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C295CC.5E6DDB00--
|
<Prev in Thread] |
Current Thread |
[Next in Thread> |
- [Veritas-bu] jnbSA just sucks, (continued)
- [Veritas-bu] jnbSA just sucks, Vapiwala, Kevin V [IT]
- [Veritas-bu] jnbSA just sucks, Tim McMurphy
- [Veritas-bu] jnbSA just sucks, Paul Boatman
- [Veritas-bu] jnbSA just sucks, Steve Yang
- [Veritas-bu] jnbSA just sucks, Adametz, Bluejay
- [Veritas-bu] jnbSA just sucks, Quarantine
- [Veritas-bu] jnbSA just sucks, Sixbury, Dan
- [Veritas-bu] jnbSA just sucks, briandiven AT northwesternmutual DOT com
- [Veritas-bu] jnbSA just sucks,
Donaldson, Mark <=
|
|
|