February 21st, 2007, 12:09 AM
I am sure many of you have heard of the security product called "DeepFreeze" which is available from faronics.com.
I am an admin and I have set this program up on my computers on my LAN, and I want to know: can this program be deleted by booting from a floppy with a program like fdisk or by using Knoppix?
The reason I ask is because it says on the company's web site that this program protects the MBR and partition table.
Last edited by YoungNobody; February 21st, 2007 at 12:25 AM.
February 21st, 2007, 01:02 AM
February 21st, 2007, 01:25 AM
Certainly it would seem wise to check the vendor's site...
February 21st, 2007, 01:36 AM
That is how you do a legitimate uninstall from within Windows. I think our friend was asking about unauthorised disabling/uninstalling, as he did mention Knoppix, Fdisk and floppies?
February 21st, 2007, 02:00 AM
Well that could be true, but he did say he was the admin ... so I took him at his word.
February 21st, 2007, 02:36 AM
The way I read the original post is that he is the Admin and is using this product on his network.
He seems to want to know if you can circumvent or delete it by unauthorised methods. I guess a bit like the school or library scenario?
My argument is that it is pretty secure at locking down the system within Windows, but if you boot from media with a "live CD", for example, it cannot defend itself.
You would need to use other security options to prevent this attack vector.
However, you would need to have a reasonable knowledge of how it worked to successfully attack it?
I guess it is all down to risk analysis?
February 21st, 2007, 02:52 AM
I gotcha... after I reread the initial post I see what you mean. Well, he should select the HDD as the first boot device in the BIOS and then set a password in the BIOS. Then there wouldn't be a direct vector of attack using a live CD.
February 21st, 2007, 03:01 AM
I ran across this site a while back and thought it would be some insight for some knowledge. I don't know how relevant the information still is but it is a start to see if some of it applies to your situation.
February 21st, 2007, 08:50 AM
To the DeepFreeze question:
The BIOS password can easily be changed, or just plain removed.
I'm not sure about just attacking DF from a live boot disk like Knoppix, but I know for a fact you can somehow bypass DF's settings and change things; I saw it done at school by someone else. If they could change something, then they probably could have run things like the uninstall file, or just deleted the start-up, or gone after one of the program's .dlls. The program itself can be tampered with, though not sure exactly how.
*Those who trade freedom for security deserve neither*
February 21st, 2007, 11:54 AM
The basic "rule" is that if you allow unsupervised physical access to a machine it can be owned.
The first step in this kind of situation is to perform a threat/risk analysis.
Thus far we have thought about live CDs and bootable floppies but there are others:
1. Live CD/DVD
2. Bootable floppy
3. External device attached to LPT1 etc.
4. USB drive
5. Other computing device via null modem cable
6. E-mail attachments
7. Internet downloads
You also need to consider that you need to protect the network as well as the authorised devices attached to it. What is the point if someone can just plug their private laptop into it?
You need to control the boot sequence and protect the BIOS. OK, the BIOS can be attacked in a variety of ways, notably:
1. Remove CMOS battery
2. Operate jumper switch on MoBo
3. Short EEPROM chips with a paper clip
4. Flash the BIOS
As a starter, you would have to be sure that the cases are physically secure (locked).
Don't forget that you can use Windows policies and permissions to control what users are allowed to do. Frequently your security model needs to be both layered and integrated. Physical controls, OS authorities controls, third party software controls.
I usually start with the questions:
1. What do I want users to be able to do?
2. What don't I want them to be able to do?
3. What are the risks?
4. What is the potential damage?
At the end of the day your options range from a dumb terminal to full network administrator rights... it is up to you to determine what is appropriate.
In all honesty I am not aware of any security product that is a substitute for a well thought out security model supported by appropriate processes and procedures.
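The thread makes two points that a worked example can tie together: a product that locks the MBR from inside Windows cannot defend sector 0 against a live CD boot (post of 02:36 AM), and the answer is a layered model in which you at least detect what you cannot prevent (post of 11:54 AM). The script below is an added example, not code from any poster or from Faronics: it takes a baseline of an MBR's boot code and partition table, stores it as JSON, and reports which parts changed when the sector is read again, so an admin who runs it from a trusted boot can see that an offline tool rewrote the disk. The device paths in `read_mbr` are assumptions about the platform (it needs root or administrator rights); the sector bytes in `demo` are constructed inline and are not from a real disk.

```python
"""Baseline and tamper check for an MBR boot sector (added example; not code
from the thread or from Faronics).  Software inside Windows cannot stop a live
CD from rewriting sector 0, but a baseline kept off the machine lets an admin
detect at the next trusted boot that it happened."""
import hashlib
import json
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445 hold the boot loader code
PARTITION_TABLE_OFF = 446      # four 16-byte partition entries follow
MBR_SIGNATURE = b"\x55\xaa"    # bytes 510..511


def read_mbr(device_path: str) -> bytes:
    """Read sector 0 from a raw device, e.g. '/dev/sda' or r'\\.\PhysicalDrive0'
    (assumed paths; needs root/administrator rights).  Not used by demo()."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four classic MBR partition entries into dicts."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def take_baseline(mbr: bytes) -> dict:
    """Hash the boot code and record the decoded partition table."""
    return {"boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parse_partition_table(mbr)}


def compare_to_baseline(base: dict, current_mbr: bytes) -> list:
    """Return human-readable findings; an empty list means nothing changed."""
    findings = []
    now = take_baseline(current_mbr)
    if now["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code (bytes 0-445) changed")
    for old, new in zip(base["partitions"], now["partitions"]):
        changed = [k for k in old if old[k] != new[k]]
        if changed:
            findings.append("partition entry %d changed: %s"
                            % (old["index"], ", ".join(changed)))
    return findings


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Constructed test data: assemble a sector from boot code bytes and
    (status, type, lba_start, sectors) tuples.  CHS fields are set to 0xFFFFFF,
    as partitioning tools do when only LBA addressing is meaningful."""
    table = b"".join(struct.pack("<B3sB3sII", status, b"\xff\xff\xff", ptype,
                                 b"\xff\xff\xff", lba_start, sectors)
                     for status, ptype, lba_start, sectors in partitions)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
            + table.ljust(64, b"\x00") + MBR_SIGNATURE)


def demo() -> list:
    """Baseline a constructed sector, alter a copy as an offline tool might,
    and run the comparison."""
    good = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0", [(0x80, 0x07, 63, 20_000_000)])
    base = take_baseline(good)
    stored = json.dumps(base)                 # keep this off the protected machine
    tampered = bytearray(good)
    tampered[0] = 0x90                        # first boot-code byte overwritten
    tampered[PARTITION_TABLE_OFF + 4] = 0x83  # partition 0 type changed (NTFS -> Linux)
    return compare_to_baseline(json.loads(stored), bytes(tampered))


if __name__ == "__main__":
    for finding in demo():
        print("TAMPER:", finding)
```

The baseline is deliberately plain JSON so it can live on a USB stick or a server the lab machines cannot write to; a copy stored on the frozen disk itself could be replaced by the same live CD that rewrote the sector. This only detects changes, so it complements rather than replaces the boot-order and BIOS controls discussed above.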