Pramod_Mac
Dear Geeks...
I work in a place where we have around 500 users connected to a Mac OS X Panther server.... and we are using Panther 10.3 clients running on G5/G4's/iMac-G5's/iMac-G4's and 1 to 1.67 GHz PB's...
Here is something I found very scary...
I have downloaded Fetch (trial FTP software) and was trying to play with it. I turned on "Remote Login" in the "Sharing prefs" and went to another machine and tried to access my laptop via the Fetch FTP client, using guest access, and it did not get connected, but when I flipped down to the "SFTP" option and said to connect, it got connected via guest access... and the scary part is that I can see my whole HDD in the FTP client folder list.... and I tried to Get some files from the root volume and they just got downloaded on to the other machine.... and keeping my fingers crossed I went to another computer... and created a normal user on the server, and from the client machine launched the FTP "Fetch" client and did the same as above, and I almost fainted..... as I could see all the files/folders on the server "root" volume... and I could get all the files/folders from the server as a normal user.... then what we did was go to the server and give "NO ACCESS" to the HDD volume for "Others", and it was normal, I said thank GOD.... I could not access via "SFTP" now, but other services on the server, like our WEB services, started giving problems... Am I missing something here.... or is it really a security glitch..... we are behind a firewall, ours is an Intranet under a big network... so attack from outside the network is a No No... but internally....????
One last thing: we have VLANs and this connection is cutting across VLANs when checked on the local clients..... can anyone throw some light on this issue ASAP.... as it scares us...
Sorry for the long post..
Thx...