Results 1 to 8 of 8

Thread: Firewall/Windows/Security

  1. #1
    Junior Member
    Join Date
    Mar 2004
    Posts
    3

    Firewall/Windows/Security

    1. Would it be possible for a attacker to gain complete control to a computer without the aid of a Trojan?

    Scenario:
    No firewall and no router
    File sharing is disabled
    Windows/IE completely updated

    2. If it is possible because of a unknown Windows/IE flaw, would a firewall and or router help?

    I am having a debate with someone saying it is possible and I say it is not possible.
    Even with a Windows flaw, a firewall is integrated with Windows and it will be bypassed.

    Any links provided will be greatly appreciated.

    Thank you.

  2. #2
    Junior Member
    Join Date
    Mar 2004
    Posts
    19
    is social engineering out of the question?

    if it's not, then i'd say there might be a way.

    but as a programmer, i'd say it should not be included on the process.

  3. #3
    Junior Member
    Join Date
    Mar 2004
    Posts
    3
    No social engineering.

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Good Day,

    The answers to your questions can be found here at this site by using the search engine on the upper right hand area of the main page and also by using www.google.com. Just enter: securing my windows computer.

    cheers

  5. #5
    Junior Member
    Join Date
    Mar 2004
    Posts
    3
    Thank you for the reply, but my question was not about "securing my windows computer".

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Posts
    111
    ....Then the answer to your question is yes.
    NORML

    Signature image is too tall!

  7. #7
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    John,

    Securing your windows computer is exactly what your questions are about. If you go and do just a little reading and studying you and your friend will not find yourself asking those questions.

    The answers to your questions can be found here at this site by using the search engine on the upper right hand area of the main page and also by using www.google.com. Just enter: securing my windows computer.

  8. #8
    Junior Member
    Join Date
    Feb 2004
    Posts
    12
    The version of Windows is an important consideration here. With windows 9x/ME, gaining complete control of the operating system is a bit more difficult because there are very few network services running on the system. Even so, it is still possible. Recent RPC exploits would allow an attacker to gain control over a system without using a trojan.

    If Windows 2000/XP is your OS of choice then, yes it is very easy to get complete control of the system. It may be as simple as cracking a password to log into the telnet server with (if the telnet server is enabled of course). Password cracking can also be applied against Microsoft's terminal services. Once a password is found, it's as simple as making a Remote Desktop connection to the system. Besides this, attacking an unpatched windows server with a known exploit is trivial.

    Lastly, an attacker may be creative enough to convince you (through an email or some other form of social engineering) to open your XP pro desktop for remote support, which also uses RDP (remote desktop protocol).

    As for the integrated firewall, it must be enabled before any protection is afforded. If the firewall is enabled, then any exploits directed at network services on the system will be dropped. If an IE flaw is exploited, the attacker may be able to coax your system into downloading a backdoor (e.g. Netbus Pro), but the attacker still would not be able to connect to the backdoor due to the integrated firewall.

    Hope that info is of some value.
    _TOMDAQ

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •