
Thread: How secure will this configuration be?

  1. #1
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130

    How secure will this configuration be?

    OK, I've received this configuration:

    - An application needs to run on a Windows server (2000 or 2003), and it needs to run with an administrator user logged on.
    - That application can't run as a service, and it has a "window".
    - That application will be in TCP listening mode on a port chosen by me.
    - No, I can't change the application to run as a service. I didn't write it, nor did my client. My client bought that sh*t and the vendor has no idea how to run it as a service. The client must run it as is (as a foreground application, with an admin user logged on).
    - Yes, it must be run as an admin. I've tried to run it in several "less power" user configurations, but it didn't work. I've asked the vendor, but the only answer that I received was "it must run as an administrator". Why? "Because..."
    - I must install it and run it the best way I can.

    What I did:
    - I've disabled all shares, including administrative ones. That machine does not belong to a domain, and the only port that is open (apparently) is the one I chose for the application.
    - Only local logon is allowed. Only administrators can log on to the server.
    - I've disabled autorun for everything. I've disabled USB ports too.
    - The machine boots, auto-logs on the admin, starts the application and locks the server. (Yes, the user wants the process to be automatic - if you have a better idea to do that without human intervention, please post here.)
    - To shut down the application: the application has a remote interface (through that port too) that allows the application administration to shut it down. When the application shuts down, it runs AFTER a script that shuts down the server too.

    My concerns:
    - How safe is it now?
    - What can I do to enhance the security? (Don't suggest changing the application - I can't do that.)

    Any analysis and/or suggestions will be welcome.
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.
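
The hardening steps listed in post #1, as an added example that is not part of the thread: a Python check that reads a registry export and reports which of those steps are not in place, plus the clear-text `DefaultPassword` value that registry-based auto-logon leaves behind. The registry locations are standard Windows ones; that the poster applied the steps through these settings, and every sample value, are assumptions.

```python
import re

# Constructed sample .reg export; values are illustrative, not from the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultPassword"="constructed-sample"
'''
HKLM = "hkey_local_machine\\"
WINLOGON = HKLM + r"software\microsoft\windows nt\currentversion\winlogon"
# (key, value name) -> (hardened value, finding text if it differs or is missing)
EXPECTED = {
    (HKLM + r"system\currentcontrolset\services\lanmanserver\parameters",
     "autoshareserver"): (0, "administrative shares are not disabled"),
    (HKLM + r"software\microsoft\windows\currentversion\policies\explorer",
     "nodrivetypeautorun"): (0xFF, "autorun is not disabled for all drive types"),
    (HKLM + r"system\currentcontrolset\services\usbstor",
     "start"): (4, "USB storage driver is not disabled"),
}

def parse_reg(text):
    """Parse .reg export text into {(key, value name): value}, names lower-cased."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and key:
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                values[(key, name)] = int(raw[6:], 16)
            elif raw.startswith('"'):
                values[(key, name)] = raw.strip('"')
    return values

def audit(text):
    """Return findings for settings that differ from the hardened values."""
    values = parse_reg(text)
    findings = [msg for loc, (want, msg) in EXPECTED.items() if values.get(loc) != want]
    if values.get((WINLOGON, "autoadminlogon")) == "1" and (WINLOGON, "defaultpassword") in values:
        findings.append("auto-logon password is stored in clear text in the registry")
    return findings

print(audit(SAMPLE))
```

Exports written by regedit in the version 5.00 format are UTF-16, so decode the file before passing its text to `audit`.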

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I would use 2003.

    Does the app have to be "The Administrator" or a member of the admin group??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Don't you just hate vendors like that?

    The application needs a windows server but they have no clue how to run it as a service. They're also clueless as to what privileges the application needs. Sigh, makes you wonder what kind of programmers they've hired... Makes you wonder about the ports the app is opening too...

    It sounds like how I would set up a server for crap like that.
    One thing though.. physical access?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Does the app have to be "The Administrator" or a member of the admin group??
    The application must have admin privileges. I suspect that it uses some kind of API that demands that. But unfortunately, the vendor doesn't know (or doesn't want to reveal) which API is causing that. I did some kind of digging on objects, and parts were written in VC, parts in VB and parts in Delphi. Go figure if they didn't steal part of the application from other companies.
    Anyway, I don't want to go further since my client is paying to secure the environment and not to do reverse engineering on that cr*p.
    Makes you wonder about the ports the app is opening too...
    I did some scans on the server using several tools and it looks to open only the port that I've chosen. However, I will lock all other ports anyway, since it can trigger some malware after I leave my client, but it's kinda useless doing that since the program is running under admin privileges, so it can undo my "locks". It's the best that I can do without an external firewall.
    One thing though.. physical access?
    Rofl. The server is located in the middle of the office. That's why my concerns about autorun and USB..... and before you suggest it, I can't move it to a safe location either. (domain server are there anyway)

  5. #5
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Rofl. The server is located in the middle of the office. That's why my concerns about autorun and USB..... and before you suggest it, I can't move it to a safe location either. (domain server are there anyway)
    Is locking it in a box a viable option? There are some purpose-built security boxes on the market. Even a home-made one would be better than leaving it open.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  6. #6
    Banned
    Join Date
    May 2003
    Posts
    1,004
    create an operator account, and lock down the administrator account. Lock down one thing at a time though since you have no idea what the account needs.

    cheers,

    catch

  7. #7
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    create an operator account, and lock down the administrator account. Lock down one thing at a time though since you have no idea what the account needs.
    Already tried. It looks like the application needs a high privilege. But I can't spend a lot of time on that because the client won't pay me to do that. BTW, the client demands that I install it as the vendor RECOMMENDS....
    Is locking it in a box a viable option? There are some purpose-built security boxes on the market. Even a home-made one would be better than leaving it open
    Thanks for the idea, but since all other servers (DC included) are in the same situation, the "client" doesn't want to put $$$ into that....

    Can anyone see other "logical vulnerabilities" in that config? On the "physical side" I can't improve more.. except maybe bomb the vendor

  8. #8
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Already tried. It looks like the application needs a high privilege.
    It can need all the privilege it wants; so long as it doesn't actually use things like "take ownership", access to specific files, etc., it'll work just fine.

    Can anyone see other "logical vulnerabilities"
    Yeah, your signature on that contract.

    That aside, why? You don't seem to want or be able to fix them. Unless you make an attempt at implementing least privilege on the Admin account there is no point in worrying about anything else.

    cheers,

    catch

  9. #9
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Yeah, your signature on that contract.

    That aside, why? You don't seem to want or be able to fix them. Unless you make an attempt at implementing least privilege on the Admin account there is no point in worrying about anything else.
    I can't agree more, but I work for the money. My service is to "customize" that crap as best as I can. But I can't kick my client's butt just because I disagree with his security policies.
    In my final report I will report all problems that I see in that config and why I can't fix them.

    But I need feedback from you to see "all" the problems that I need to put in the report that I will deliver with my bill...

  10. #10
    Banned
    Join Date
    May 2003
    Posts
    1,004
    I'd simply state that the limitations of the application make it impossible to determine all liability, so you are accountable for nothing. You did the best you could, but as there are no standards, guidelines, or even best practices for this situation... you cannot be held liable for any security issues.

    cheers,

    catch
