-
March 2nd, 2006, 04:05 PM
#11
nihil,
I understand what you are talking about and I am not trying to p*ss you off but you have still not effectively answered his question.
You have just told him how you can break into his system and how he should be more open minded when it comes to security.
So please tell us...
How can he prevent this?
-
March 2nd, 2006, 04:19 PM
#12
Originally posted here by ghostmachine
say for a simple example, user downloaded netcat (from his home,maybe)
bring it to office on a USB/floppy/CDROM , insert it {....}
Your problem starts here... Everything else is the consequence of this... This is what you should be preventing.. How to prevent it?
1) proxies/content scanners can prevent downloading executable content.
2) rip out floppy and cd-drives..
3) disable Mass Storage devices (memory sticks et al)
and start creating a batch such as
echo "HEAD / HTTP/1.1\n\n" | nc.exe -vv <IP> ( ok i forgot the exact syntax, roughly it's like this for example)
Then he can double click the batch and it will execute.
No need to create a batch....
What about Start -> Run... ?
What about Taskmanager's File -> Run.. ?
What about WSH, vbs, js?
There's a plethora of different ways to execute it..
Heck, I could even embed it into a html page and have it execute clientside by using javascript..
Oliver's Law:
Experience is something you don't get until just after you need it.
-
March 2nd, 2006, 04:26 PM
#13
How can he prevent this?
By doing this
As we are obviously talking about "the enemy within" you MUST blend in physical security and a strong AUP as part of your security model.
And have audit and security logging enabled...
Anything that comes at the server or other workstations can be logged..with a time and IP address..
Then you take the little pri#k aside and fire his a$$
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
March 2nd, 2006, 04:32 PM
#14
YoungNobody
This was my answer (remember we had no environment details at that point):
You might like to look at limiting access to DOS mode/DOS prompt? or maybe look at third party software, particularly if you have to run obsolete OSes for legacy support or whatever.
It depends on circumstances which have been enquired upon but not supplied. WHO is he trying to stop, and WHAT is he trying to stop them doing.
I have answered him insofar as to tell him that his question is both trivial and irrelevant whilst people are allowed to walk on site with their own media and upload and run executables. He needs to lock that down, and determine who actually needs to run batch files, before he even thinks about controlling them.
I will reiterate: messing with batch file authority needs to be done with caution as it may have a dramatic effect on functionality. I am talking about the user's ability to do their job............mess with that and you are history............trust me, I have seen it happen, round about 1982
We are not talking operating system here, we are talking applications. Many of these have been around for a very long time and still have ancient, embedded stuff in them................yes even ASM
And to prevent it?....................he needs to develop a balanced security environment and policy. There is NO shortcut that I am aware of.
In fact, I would go as far as to say that messing around with silly little tweaks and not looking at the "big picture" first, is probably more dangerous than doing nothing at all. At least doing nothing does not lull you into a false sense of security?
-
March 2nd, 2006, 05:53 PM
#15
My stock answer would be to use the domain security policies option in your Windows domain to block access to the run option in the start up menu and to block certain file types from being executed. Of course if the users are admin of their machines they can bypass this by creating local user accounts that won't be affected by the domain wide security policy.
"America is the only country that went from barbarism to decadence without civilization in between."
"The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
Oscar Wilde(1854-1900)

-
March 2nd, 2006, 10:22 PM
#16
Short answer is no, not without 3rd party software.
http://www.beyondlogic.org/solutions...ust-no-exe.htm
http://www.btsoftware.com/products/proguard.htm
There are many others out there... I have no idea how well they work, or how secure they really are..
Windows Vista should allow this type of file execution restriction. And it should do it by actually analyzing the file, not just looking at the name or extension.
-
March 3rd, 2006, 05:05 PM
#17
Domain policies, third party software and what not are all moot if I can boot the machine with a live-cd...
Oliver's Law:
Experience is something you don't get until just after you need it.
-
March 3rd, 2006, 05:29 PM
#18
Disable CD Boot from BIOS along with all the other measures mentioned?
That would kill the Live CD problem, wouldn't it? Never really used one, so I don't know. Just asking / wondering.
Cheers.
I blame you cos my mind is not my own, so don't blame me if I trespass in your zone!
-
March 3rd, 2006, 08:59 PM
#19
Suppose I wander in with a CD/DVD loaded with a bootable distro of some sort.............you are OWNED And all those nice little backdoors, timebombs, keyloggers and stuff that I would load onto your system?
Wow Nihil, I had no idea, which James Bond film were you in??
Jonny I'm your biggest fan and probably not very helpful today, but have just missed you all Frond
Sarcasm is a way of life 
-
March 5th, 2006, 04:24 PM
#20
Originally posted here by RejectKnowledge
Disable CD Boot from BIOS along with all the other measures mentioned?
That would kill the Live CD problem, wouldn't it? Never really used one, so I don't know. Just asking / wondering.
Cheers.
No.
If you take the top off your PC, on the motherboard there is a small, round, silver battery which looks a little like the type of batteries you see in watches. The battery on the motherboard is called the CMOS battery.
Anyway, WITH THE POWER OFF THE WHOLE TIME, pull the battery from what's holding it in place and leave the battery out for a minute or two, then put the battery back in.
Then go into the BIOS; all the settings will be reset to their defaults. Even if you set a password, the password will now be gone.
To try to prevent this problem you could look into "PC Entrapment Products" here are some links to some products available to give you some ideas:
http://www.secureit.co.uk/MenuSolutions/omegashow.htm
http://store.yahoo.com/wcsc/covuntowen.html
http://www.industrial-computer-enclo...protection.htm
http://www.tryten.com/products/Wc7d5969673fa7.htm
EDIT: Sorry if I jumped in head first at the start of this thread but personal problems are getting the better of me right now and I just didn't think about the physical side of security. I was just thinking about answering his question.