
Thread: Denying Hacking Programs by Name

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    172

    Denying Hacking Programs by Name

    On my network I can write a policy that will deny the user the ability to run exe programs by name. Provided they can just rename the program msword.exe but I'm betting that most people won't be worrying about renaming it.

    So I'm asking if you all can help me out and provide me a list of hacking tools that might be used against a Windows 2000 server, that also runs a web server. All I need is the program name and a brief description of what the program does. I don't need to know where to get it or anything like that cause I really don't care lol. If you all could help me out that would be great.

    Thanks

  2. #2
    I will begin constructing a list, but know that it is in the hundreds of thousands. There are quite literally that many programs out there that have been written for continual destructive use and thus you are in for a lot of name typing. On a side note, couldn't they also change the file name?

    But I am glad you are still striving to circumvent it, as program kiddies and scripties annoy us all, I'm sure.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    On my network I can write a policy that will deny the user the ability to run exe programs by name. Provided they can just rename the program msword.exe but I'm betting that most people won't be worrying about renaming it.
    That's a pretty scary bet. I'd actually bet otherwise. It's the activity of the program that is important, not necessarily the name. I'd suggest visiting CERT, look at all the vulnerabilities for Win2K and the webserver in question (IIS or Apache?) and then visit a site like Packet Storm Security and seeing what "exploits/programs" exist.

    This method that you are proposing will really only deal with the script kiddies and won't deal with those with a lot more finesse. A better course of action would be to secure the server, have a firewall in front of the web server and an IDS behind it to detect any intrusions.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Why don't you reverse the policy and make it such that the user can only run programs on the list you define. Then only those programs will run rather than try to guess at the myriad combination of names hacktools either have or can be named.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    Thanks, just as soon as possible would be great

  6. #6
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    Well I would just reverse the list but then I have the problem of trying to find out every exe that programs such as msword and turbo tax, and others run. That is really a lot. lol

  7. #7
    This method that you are proposing will really only deal with the script kiddies and won't deal with those with a lot more finesse. A better course of action would be to secure the server, have a firewall in front of the web server and an IDS behind it to detect any intrusions.
    I agree 100%, as this is not only a faster method but a much more secure one. I've also noticed that the McAfee virus scanner when running in the background constant mode detects a majority of script kiddie applications based upon the hashes (terminology correct?) that make up the file, rather than the name. Port scanners, crackers, etc etc... I've seen that virus scanner pick up the most amazing things, and in the process save quite a few networks while firing a few employees.

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    It's a lot less than the other way. Is this machine also used for regular usage (regular user with applications and games?)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    the server is IIS

  10. #10
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    Why do you only want the ones that hack a 2000 web server, wouldn't you rather have no exploits running on your network?

    I would have to agree with tigershark and make a list of ok progs. This list will probably be a lot smaller than a list of all known exploits and it will prevent the possibility of new 0 dayz being run
    That which does not kill me makes me stronger -- Friedrich Nietzsche
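
The trade-off argued in this thread, as an added example that is not part of any poster's message: a name-based deny list compared with an allow list keyed on file content hashes. The file names, contents and the `scantool.exe` deny entry are constructed for illustration; the point is that a renamed copy passes the name check while the hash allow list still refuses it.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash file contents in chunks so large binaries are handled too."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def evaluate(path, deny_names, allow_hashes):
    """Return each policy's verdict for one file (True = allowed to run)."""
    name = os.path.basename(path).lower()
    return {
        "name_denylist": name not in deny_names,
        "hash_allowlist": sha256_file(path) in allow_hashes,
    }


def demo():
    """Build constructed sample files and evaluate both policies on each."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            return path

        approved = write("office/msword.exe", b"constructed approved binary")
        tool = write("tmp/scantool.exe", b"constructed unwanted tool")
        renamed = write("tmp/msword.exe", b"constructed unwanted tool")

        deny_names = {"scantool.exe"}             # hypothetical deny list
        allow_hashes = {sha256_file(approved)}    # built from the approved file
        return {
            label: evaluate(path, deny_names, allow_hashes)
            for label, path in [("approved", approved), ("tool", tool), ("renamed", renamed)]
        }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(label, verdict)
```

The hash allow list has its own maintenance cost: every update to an approved program changes its digest, so the list must be rebuilt from a trusted install after patching.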
