Background: Our client's HQ shares a building with their parent company.
Internet access goes through the parent company's external router; there is a
physical firewall that sits between said router and our switch. Our client's
network (all servers running Win2k3 SP2) is completely separate, different
forest/domain, etc. Separate rack (no doors or locks) but same server room.
Our client also has several branch offices whose users connect to HQ via
rpc/http for email and RDC to access the Terminal Server.
Recently the parent company launched an internal research website and
encouraged everyone, including our client's users, to log in using their email
alias as the username and their "Outlook" password as the password. And it
worked! Each of our client's users was able to enter their email alias and
domain password into the site and was authenticated. Needless to say I am shocked
and horrified, especially since the email aliases are also domain usernames!
How is the parent company able to authenticate our users using our email
aliases and passwords? Are they listening to our traffic? Hacking into our
AD? What am I missing here? How do I prevent this from happening?
Any insight or advice is much appreciated. Thanks.