Eye Opener

by Mitch Tulloch [Published on 13 Oct. 2005 / Last Updated on 13 Oct. 2005]

Running LSADump2 against your Windows machines can be a real eye-opener!

Did you know how easy it is for someone to obtain passwords and other sensitive information from your computers? All they have to do is gain physical access to your machines and run LSADump2 on them. And if your computer belongs to a domain then you're domain is in trouble! Even passwords used by system services are accessible by dumping LSA secrets like this. Yikes!

What does this tell us? If you don't have *physical* security for your machines, you don't have *any* security. Sure, long passphrases will slow an attacker down, but if they can gain access to a domain machine and run a password cracking tool on it, you're domain is 0wn3d and you better start updating your resume!

Review the physical security of your network today and make sure you're doing everything you can to protect your information assets!

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see www.mtit.com .

Latest Contributions

Featured Links