Other security issues involved with pre-installed Dell Windows XP: Dell PCs that have the preload installed at the factory contain a Dell login that needs to be disabled, along with the MS support login and anonymous login; these particular user accounts need to be disabled. You can only find the existence of these hidden accounts via Control Panel > Administrative Tools > Computer Management > Users. If you choose to try to add a user, you will get a list of built-in accounts that should not be added to the default users in Computer Management, but certainly the default Microsoft "support_38" and HelpAssistant accounts need to be disabled, as well as anonymous login; refer to the document details below.

The network compromise was directed as I was downloading a great deal of Dell drivers, so the assumption is that the user has not disabled the escalated-privilege user that default Dell installations of Dell XP include. As audit trails were turned on during the network compromise, the hacker attempted to log in to the Dell PC with the escalated privileges of the built-in Dell support account; however, it has been disabled, and it can be found in most all newish types of pre-installed Dell XP Pro. The following document may enlighten you as to the changes from default that ANY XP Pro user needs to understand and execute to safeguard against unauthorised access. I will leave it up for a while for those who want to take a copy. It's a lot of work, as the standard install of Windows XP from the original disk does not address many security concerns the O/S has, in particular escalation of authority. Reading this document may give you some understanding of how much work needs to be done to a default install if your site is to be rated as secure via .MIL agencies, which fortunately I spend a lot of time on as a consultant on these types of articles.
http://users.tpg.com.au/adslmi38//winxp-security-nsa.pdf
Regards
Scott

Registration Account wrote:
Thanks Randall,
I should have worked that out for myself. I was browsing and downloading files from dell.com for a troublesome Dell PC (no surprises there, as I have never found one Dell PC that comes close to being 100% IBM compatible, due to their amazing number of BIOS/chipboard drivers which are needed) and I received a later response indicating the network had been compromised (immediate Internet connection to network shut down) from an IP in .TW; the whole range I have now placed on reject RTS to any packet from 143.166.0.0/16. I had completely forgotten my one Windows XP PC running on the network. It's the last one awaiting conversion, due to internal issues.
ALL staff have had ALL user passwords changed, and the Windows XP machine was found with a little bit of nice spyware; it is the very nasty and hard-to-get-rid-of 'DSO Exploit'.
I have changed the Windows XP user to a limited user until I can change the O/S.
Regards
Scott
P.S. So do any other Windows users think they are safe??? My network is as secure as a bank, and this hacker was still able to compromise one Windows system.
Randall R Schulz wrote:
On Wednesday 13 June 2007 15:46, Registration Account wrote:
Can anyone out there tell me what is a Prosiak back-door connection in Linux? This is a copy of the first IDS connection, which I think is only applicable to Unix/Linux.
Thanks
Scott

From what I can tell from Google searching (ahem), this is an exploit to which only Windows is susceptible. It appears to be somewhat of an old one, at that, dating back to 2005 in its latest version.
Randall Schulz
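As an added example (not code from the thread, and not Scott's, Dell's or Microsoft's own tooling): the Computer Management steps Scott describes in his first message, done from a PowerShell prompt on an XP-era box so they can be repeated on every preloaded machine. It lists the local accounts with their enabled/disabled state, flags any enabled account that is not on an allow list (which is where an undocumented vendor or support account shows up), disables the accounts you name, and sets the Lsa "restrict anonymous" registry values that back the anonymous-login hardening he mentions. Assumptions: the exact names of the Dell preload account and the Microsoft support account are supplied by the caller as they appear under Local Users and Groups (only HelpAssistant is named on the page, so it is the only default in `$ToDisable`); the `$Allow` list and the `-WhatIf` switch are this script's own conventions.

```powershell
# Added example, not from the thread. Audit local accounts on Windows XP /
# Server 2003, disable the named ones, and restrict anonymous enumeration.
# Run from an Administrator PowerShell prompt. Pass -WhatIf to only report.
param(
    [string[]]$ToDisable = @('HelpAssistant'),   # add the Dell/MS support names as they appear in Computer Management (assumed input)
    [string[]]$Allow     = @('Administrator', $env:USERNAME),
    [switch]$WhatIf
)

$ADS_UF_ACCOUNTDISABLE = 0x2   # ADSI UserFlags bit: account is disabled

function Get-LocalAccountReport {
    # Enumerate every local user through the WinNT ADSI provider (available
    # on XP; no Get-LocalUser cmdlet there) and report its enabled state.
    $computer = [ADSI]"WinNT://$env:COMPUTERNAME"
    foreach ($child in $computer.Children) {
        if ($child.SchemaClassName -ne 'user') { continue }
        $flags = [int]$child.UserFlags.Value
        New-Object PSObject -Property @{
            Name    = $child.Name.Value
            Enabled = (($flags -band $ADS_UF_ACCOUNTDISABLE) -eq 0)
        }
    }
}

function Disable-LocalAccount([string]$Name) {
    # Set the disable bit on one account; a wrong name just produces a warning.
    try {
        $user  = [ADSI]"WinNT://$env:COMPUTERNAME/$Name,user"
        $flags = [int]$user.UserFlags.Value
    } catch {
        Write-Warning "No local account named '$Name'"
        return
    }
    if ($flags -band $ADS_UF_ACCOUNTDISABLE) { "$Name is already disabled"; return }
    if ($WhatIf) { "Would disable $Name"; return }
    $user.UserFlags.Value = $flags -bor $ADS_UF_ACCOUNTDISABLE
    $user.SetInfo()
    "Disabled $Name"
}

function Set-RestrictAnonymous {
    # Registry values behind the "Network access" security-policy settings:
    #   RestrictAnonymous=1         no anonymous enumeration of SAM accounts and shares
    #   RestrictAnonymousSAM=1      no anonymous enumeration of SAM accounts
    #   EveryoneIncludesAnonymous=0 Everyone permissions do not apply to anonymous logons
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $wanted = @{ RestrictAnonymous = 1; RestrictAnonymousSAM = 1; EveryoneIncludesAnonymous = 0 }
    foreach ($entry in $wanted.GetEnumerator()) {
        if ($WhatIf) { "Would set $($entry.Key) = $($entry.Value)"; continue }
        Set-ItemProperty -Path $lsa -Name $entry.Key -Value $entry.Value -Type DWord
        "Set $($entry.Key) = $($entry.Value)"
    }
}

$report = @(Get-LocalAccountReport)
"Local accounts:"
$report | Sort-Object Name | Format-Table -AutoSize Name, Enabled | Out-String

# Anything enabled that is neither allowed nor already slated for disabling is
# exactly the kind of hidden vendor/support account the first message warns about.
$suspect = $report | Where-Object {
    $_.Enabled -and ($Allow -notcontains $_.Name) -and ($ToDisable -notcontains $_.Name)
}
if ($suspect) {
    "Enabled accounts not on the allow list (review these, and pass them via -ToDisable if unwanted):"
    $suspect | ForEach-Object { "  $($_.Name)" }
}

foreach ($name in $ToDisable) { Disable-LocalAccount $name }
Set-RestrictAnonymous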