Guest Nicholas Edivan Posted April 23, 2008 Posted April 23, 2008 Situation: Running a VBS password script locally on a workstation (script has password) that would change a remote local admin server password. All units are within AD. Question: Wouldn't that type of traffic be able to be sniffed? Quote
Guest Dobromir Todorov Posted April 24, 2008 Posted April 24, 2008 What does the script use: ADSI, LDAP, invokes comamnd line tools, etc? Can you post the script? -- --- HTH, Dobromir Learn more about Security and Identity Management: Visit http://www.iamechanics.com "Nicholas Edivan" <nedivan@nospam.gov> wrote in message news:480F5750.5542.00AD.0@nospam.gov... Situation: Running a VBS password script locally on a workstation (script has password) that would change a remote local admin server password. All units are within AD. Question: Wouldn't that type of traffic be able to be sniffed? Quote
Guest Roger Abell [MVP] Posted April 24, 2008 Posted April 24, 2008 Most likely yes, it could be sniffed, but it depends, such as on whether the network is switched, on which net segments are traversed, whether IPsec is in use to encrypt the traffic, on what technologies are used by the script, etc.. "Nicholas Edivan" <nedivan@nospam.gov> wrote in message news:480F5750.5542.00AD.0@nospam.gov... Situation: Running a VBS password script locally on a workstation (script has password) that would change a remote local admin server password. All units are within AD. Question: Wouldn't that type of traffic be able to be sniffed? -------------------------------------------------------------------------------- Situation: Running a VBS password script locally on a workstation (script has password) that would change a remote local admin server password. All units are within AD. Question: Wouldn't that type of traffic be able to be sniffed? Quote
Guest Nicholas Edivan Posted April 25, 2008 Posted April 25, 2008 There are 15 segments all running IPsec. The script is launched from a local workstation that is not part of the 15 segments. Created by OnScript Editor the script is as such: Creates a random complex password, LDAP server lookup, authenticates with Domain Admin to one server, changes password and moves on to the next server. Since IPsec is running I believe the traffic will be able to be sniffed but not deciphered. Any thoughts... Quote
Guest Dobromir Todorov Posted April 27, 2008 Posted April 27, 2008 So is this workstation running IPSec or not? If it's not, it will either run plain text traffic to the server (if the server is set for the IPSec Server Request Security mode), or unable to connect to the server (if the server is running IPSec Server Require Security Mode). -- --- HTH, Dobromir Learn more about Security and Identity Management: Visit http://www.iamechanics.com "Nicholas Edivan" <nedivan@nospam.gov> wrote in message news:48119FAA.5542.00AD.0@nospam.gov... There are 15 segments all running IPsec. The script is launched from a local workstation that is not part of the 15 segments. Created by OnScript Editor the script is as such: Creates a random complex password, LDAP server lookup, authenticates with Domain Admin to one server, changes password and moves on to the next server. Since IPsec is running I believe the traffic will be able to be sniffed but not deciphered. Any thoughts... Quote
Guest Nicholas Edivan Posted April 29, 2008 Posted April 29, 2008 The workstation and server are both running IPSec: Required Mode Quote
Guest Dobromir Todorov Posted April 29, 2008 Posted April 29, 2008 In which case - provided that they are able to successfully negotitate an IPSec policy (which you can test by means of a single ping between them) - they WILL protect (authenticate peer identity, authenticate data integrity, and encyrpt) all traffic between them, regardless of whether your script, or any other application was running on the workstation. IPSec is a security layer of abstraction which works along with IP. Upper layer protocols - including TCP/UDP and all the apps on top of them - use this transparent layer of abstraction without any specific configuration. -- --- HTH, Dobromir Learn more about Security and Identity Management: Visit http://www.iamechanics.com "Nicholas Edivan" <nedivan@nospam.gov> wrote in message news:4816F0B5.5542.00AD.0@nospam.gov... The workstation and server are both running IPSec: Required Mode Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.