Tedob- Yes, you need third-party software to detect a NIC running in promiscuous mode. MS Netmon can detect other Netmon users on a network by looking for BONE packets, but that is the only network monitoring tool that I know of that uses BONE packets. In my honest opinion, if you are going to build a secure enterprise network you will need software and hardware from many different vendors.
And I still don't understand the importance behind getting to a DOS prompt in this scenario; to me, as an administrator, it just isn't that important. Like I said, when I look at how I'm securing a workstation I am only doing it for two reasons:
1) Keep the neophytes from breaking something so I don't have to come back and fix it.
2) Keep the system from getting infected by every other virus that comes out.
It is just about impossible to secure a system when you cannot guarantee the physical security of the machine. It makes it even more difficult to secure the machine when a user has the ability to load and run software from disc or from the web. Does this mean that I'm going to totally overlook the need to build a secure workstation? Of course not. It is just that a lot of the issues that have been brought up in this thread are easily corrected through proper implementation of GPO and NTFS, which is what I believe the original poster was asking about.
In this particular instance it was stated that you cannot remove the ability to download/save items to the local disk. If this is the case, then you have to accept the fact that it lowers the overall security of your network. If the users have to be able to save items to their local systems, then you have to acknowledge that yes, they can also save files that you have restricted through GPO/NTFS. This doesn't mean that the software is faulty; it is just that your implementation has a known fault in it. You then just have to plan accordingly to minimize that risk. It is balancing the needs of the business against the needs of security. Ultimately the business needs usually win, as they make money, whereas security doesn't usually generate money.
I guess the ultimate question that is trying to be answered is whether the system being discussed can be hacked or made to run unapproved software. And to that I say yes, without a doubt you can run software that has been restricted, due to how the configuration has been described.
