Ksecdd and Win2k

Status
Not open for further replies.
Hello all,

First post, and I wasn't sure if this would go in the Windows OS or Security forum.

[Edit] Too many specific details about my environment, let's just say it's ridiculously unsecure. Everyone is a local admin.

So you can see how focused my environment is.

So to get to the point, I have to keep everything private on a USB key, and even then, how safe is that? It's not.

But I try to keep everything as secure/monitored as possible, locking down rights (even though everyone is an admin), disabling shares etc...

Well, recently, I noticed my PC freezing up for a second or two at a time, and here is what I found in my event log:

"A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name: KSecDD:"



Shortly followed (10 minutes) by:

Successful Network Logon:
User Name: Worstationname$
Domain: Domain
Logon ID: (0x0,0x266C312)
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:



and this

User Logoff:
User Name: Workstationname$
Domain: AD
Logon ID: (0x0,0x266C312)
Logon Type: 3


I've looked at several sites including local threads, MS Tech site, and other various forums, and I understand, or at least I think I do, that this (KsecDD) is used by an application to authenticate in several modes, user/system etc...
My understanding is it's primarily used w/ SMB (which I cannot find any signs of shares)

So if that is the case, is it possible that someone might be able to use KsecDD w/ a session type of 3 to get into my HD (covert ops style) and grab key logger output, grab screenshots, or generally grab any HD data?

I know this may sound a bit *noid, but I assure you it's w/ cause, I really can't give more details based on the circumstances surrounding my concern and job security.

Thanks for the help
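
For triaging entries like the ones quoted in the post, this added example (not part of the original post) parses pasted event text, pairs logon and logoff events by Logon ID, and separates computer-account sessions from user sessions. The sample events are constructed (the third one entirely, with placeholder names), and the `review_first` rule is an assumption of the example.

```python
import re

LOGON_TYPES = {2: "interactive", 3: "network", 4: "batch", 5: "service", 7: "unlock"}
# Constructed sample, fields abridged: events 1-2 mirror the post, event 3 is a placeholder.
SAMPLE = """\
Successful Network Logon:
User Name: WORKSTATIONNAME$
Logon ID: (0x0,0x266C312)
Logon Type: 3
Workstation Name:

User Logoff:
User Name: WORKSTATIONNAME$
Logon ID: (0x0,0x266C312)
Logon Type: 3

Successful Network Logon:
User Name: exampleuser
Logon ID: (0x0,0x2671A40)
Logon Type: 3
Workstation Name: EXAMPLE-PC
"""

def parse_events(text):
    """Split pasted event text into dicts: a title plus 'Key: value' fields."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        title, *fields = [ln.strip() for ln in block.splitlines() if ln.strip()]
        pairs = (f.partition(":") for f in fields)
        events.append({"title": title.rstrip(":"), **{k.strip(): v.strip() for k, _, v in pairs}})
    return events

def summarize_sessions(events):
    """Pair logon and logoff events by Logon ID."""
    sessions = {}
    for ev in (e for e in events if "Logon ID" in e):
        s = sessions.setdefault(ev["Logon ID"], {"type": None, "source": "", "closed": False})
        s["account"] = ev.get("User Name", "")
        s["machine_account"] = s["account"].endswith("$")  # computer accounts end in $
        if "Logoff" in ev["title"]:
            s["closed"] = True
        else:
            s["type"] = LOGON_TYPES.get(int(ev.get("Logon Type", "0")), "other")
            s["source"] = ev.get("Workstation Name", "")
    return sessions

def review_first(sessions):
    """Assumed triage rule: network logons by accounts that are not computer accounts."""
    return [sid for sid, s in sessions.items() if s["type"] == "network" and not s["machine_account"]]
```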
 