Results 1 to 10 of 10

Thread: Deleting DeepFreeze

  1. #1

    Deleting DeepFreeze

    I am sure many of you have heard of the security product called "DeepFreeze" which is available from faronics.com.

    I am an admin and i have set this program up on my computers on my lan and i want to know can this program be deleted by booting from a floppy with a program like fdisk or by using knoppix?.

    The reason i ask is because it says on the companys web site that this program protects the mbr and partition table.
    Last edited by YoungNobody; February 21st, 2007 at 12:25 AM.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm...................... It would seem that Faronics Inc haven't seen me run amok with a S&W Highway Patrolman .357? ............. just try protecting the MBR and partition table against one of those

    It will protect your system such that it will boot to your standard configuration at the next reboot.

    If I can boot from almost any "live CD" that can read and write to a Windows file system then I can destroy it. "Fdisk" is a bit trivial, as that would wipe everything?

    Having said that, to destroy it, I would have to understand it...........and hopefully(?) that what I was about to do was a serious felony offence.

    Unless it has changed dramatically, what it is, is a sort of automatic restore point system............ it takes the machine back to its original configuration, assuming that it hasn't been tampered with.

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Posts
    119
    Certainly it would seem wise to check the vendors site .....


    http://faronics.com/faq/#1

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Net2Infinity,

    That is how you do a legitimate uninstall from within Windows. I think our friend was asking about unauthorised disabling/uninstalling, as he did mention Knoppix, Fdisk and floppies?

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Posts
    119
    Well that could be true, but he did say he was the admin ... so I took him at his word.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm,

    The way I read the original post is that he is the Admin and is using this product on his network.

    He seems to want to know if you can circumvent or delete it by unauthorised methods. I guess a bit like the school or library scenario?

    My argument is that it is pretty secure at locking down the system within Windows, but if you boot from media with a "live CD", for example, it cannot defend itself.

    You would need to use other security options to prevent this attack vector.

    However, you would need to have a reasonable knowledge of how it worked to sucessfully attack it?

    I guess it is all down to risk analysis?

  7. #7
    Senior Member
    Join Date
    Mar 2004
    Posts
    119
    I gotcha ..... after I reread the initial post I see what you mean. Well he should select the HDD as the first boot device in BIOS and then set a password in the bios. Then there wouldnt be a direct vector of attack using a live cd.

  8. #8
    I ran across this site a while back and thought it would be some insight for some knowledge. I don't know how relevant the information still is but it is a start to see if some of it applies to your situation.

    -E

  9. #9
    Junior Member
    Join Date
    Mar 2006
    Posts
    11

    To the DeepFeez question

    the BIOS password can easily be changed- or just plain removed.

    I'm not sure about just attacking DF from a live boot disk like knopix, but I know for a fact you can some how bypass DF's settings and change things- I saw it done at school by someone else. If they could change something- then they prob. could have run things like the uninstall file or just del the start up or go after one of the program's .dll 's. The program itself can be tampered with- tho not sure exactly how.
    *Those who trade freedom for security deserve neither *

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    The basic "rule" is that if you allow unsupervised physical access to a machine it can be owned.

    The first step in this kind of situation is to perform a threat/risk analysis.

    Thus far we have thought about live CDs and bootable floppies but there are others:

    1. Live CD/DVD
    2. Bootable floppy
    3. External device attached to LPT1 etc.
    4. USB drive
    5. Other computing device via null modem cable
    6. E-mail attachments
    7. Internet downloads

    You also need to consider that you need to protect the network as well as the authorised devices attached to it. Like what is the point if someone can just plug their private laptop into it.

    You need to control the boot sequence and protect the BIOS. OK the BIOS can be attacked in a variety of ways, notably:

    1. Remove CMOS battery
    2. Operate jumper switch on MoBo
    3. Short EEPROM chips with a paper clip
    4. Flash the BIOS

    As a starter, you would have to be sure that the cases are physically secure (locked).

    Don't forget that you can use Windows policies and permissions to control what users are allowed to do. Frequently your security model needs to be both layered and integrated. Physical controls, OS authorities controls, third party software controls.

    I usually start with the questions:

    1. What do I want users to be able to do?
    2. What don't I want them to be able to do?
    3. What are the risks?
    4. What is the potential damage?

    At the end of the day your options range from a dumb terminal to full network administrator rights............... it is up to you to determine what is appropriate.

    In all honesty I am not aware of any security product that is a substitute for a well thought out security model supported by appropriate processes and procedures.

Similar Threads

  1. DeepFreeze
    By BinaryBrother in forum Newbie Security Questions
    Replies: 13
    Last Post: October 21st, 2005, 11:25 PM
  2. Deepfreeze Vulnerability?
    By dialupdaemon in forum Newbie Security Questions
    Replies: 16
    Last Post: June 27th, 2005, 02:43 AM
  3. PopUps, PopUps, PopUps ...
    By PopFly in forum Newbie Security Questions
    Replies: 36
    Last Post: April 16th, 2005, 01:34 PM
  4. DeepFreeze for Win95/98/2000
    By SDK in forum Product / Book / Training / Conference Reviews
    Replies: 6
    Last Post: February 22nd, 2002, 10:42 PM
  5. DeepFreeze: Here is a Challenge!
    By DISLEX in forum Security Archives
    Replies: 23
    Last Post: December 18th, 2001, 07:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •