[LINK] 'NSW MP's Workstation had Network-Scanning Software'

Roger Clarke Roger.Clarke@xamax.com.au
Tue, 4 Sep 2001 09:22:05 +1000 

SMH reports an interesting leak from the report on the NSW MP's machine.

I believe in a considerable degree of freedom of workstation use for 
employees (e.g. private email, lookups of white pages, shopping in 
the lunch-hour, and constraints on monitoring, and on logging, and on 
uses of logs by employers).

But I'm not sure that I see employee freedom to install 
network-scanning software on their workstation as being all that 
important ...

(Okay, this relates to an MP, who is a representatives, not an 
employee,  But I haven't thought about it in *that* context before 
...).


IT blamed for secret downloads
[No, I don't know what the sub-editor thought the heading meant 
either.  Maybe 'IT' is now a sentient being, capable of being 
prosecuted]
The Sydney Morning Herald
Date: 04/09/2001
http://www.smh.com.au/news/0109/04/text/national16.html
By Robert Wainwright, State Political Correspondent

...
The eSec report, part of which has been obtained by the Herald, 
concluded: "A computer in the office of The Hon. Tony Kelly MLC 
appears to have been used to download, install and run computer 
security tools that assist in identifying poorly protected shared 
directories under the Windows File Sharing function.

"Two of the tools (LANguard and Cerberus Webscan) are 
network-scanning tools that assist in identifying vulnerabilities in 
a computer operating system that may then be exploited through other 
means.

"In the case of LANguard, which is capable of identifying Windows 
Share passwords through a brute force guessing approach, the only 
tool required to exploit the vulnerability is Windows Explorer."

The report said LANguard was installed at 9.33pm on July 20. Over the 
next two hours, someone began using the software to scan as many as 
150 computers in the Parliamentary network.

"Although there is no way to be sure that the scan was completed, it 
would take the application approximately 45 minutes to run the scan, 
assuming that 150 computers were located and that a detailed scan of 
each computer was conducted.

"If the scan was completed, the likelihood of a computer with a 
shared directory with no passwords, or a weak password, being 
identified is significant.

"Due to the number of security related tools that were located during 
the analysis it is reasonable to conclude that a person with an 
interest in computer security operated the computer at various times, 
including as recently as July 20, and that the computer was used to 
launch scans within the PNSW network.

"It is not possible to determine the identity of that person based on 
the information contained on the computer."
...
-- 
Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/
			            
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                 Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke@xamax.com.au            http://www.xamax.com.au/

Visiting Fellow                       Department of Computer Science
The Australian National University     Canberra  ACT  0200 AUSTRALIA
Information Sciences Building Room 211       Tel:  +61  2  6125 3666