Posted: Wed Nov 02, 2005 1:57 am Post subject: Oct '05 SFDC Column
October ’05 SFDC Column
This past month has been an especially busy month for us at Security-Forums, as we just had another quarterly prize give-away. A big congratulations goes out to this quarter’s winners. It is only through the contributions of our members and the excellent work of our moderation team that Security-Forums is what it is. We must all continually strive to keep this forum the most welcoming forum, one where skill levels of all types can meet and exchange knowledge. With that said, let's take a look at some of last month's posts.
PAM, security physical access
The poster of this thread wants to know of various ways to physically restrict access to a computer. The aim is to limit access to various files that would allow a local attacker to escalate privileges. There is a plethora of ways that a local attacker can elevate their user privileges if they have physical access to the computer. Some excellent advice was given by The_Psyko to further harden access. Another way is simply to lock the door that gives access to the computer or computers. It is not very likely that one would attempt such an attack during normal business hours, but rather when most of the other employees have gone home. If normal office hours are 0900 to 1700 hrs, then the last person out should lock the door. This definitively secures physical access!
Limiting IE to one website - how?
The question posed in this thread is how, if it is possible at all, one can turn a workstation into a kiosk workstation. A kiosk workstation is a computer that is set up to serve only one site and not allow any other web content to be viewed on it. We can see by the answers in this thread that there are several ways that this can be done. An ideal setup would likely be a combination of the suggestions offered up in this thread. This is due to the normal circumvention methods, such as the one described by Capi. You should never forget, though, to actually check the vendor site for solutions, as the original poster found out.
Command line for Windows help
The member was requesting a list of Windows commands, and was promptly supplied with various links for his perusal. This list of various Windows cmd.exe commands is one of the areas that a lot of users rarely explore. There exists a large set of commands within Windows, used via cmd.exe, that extend to you a great deal of functionality. One should never be scared to play with command line switches, whether it be via cmd.exe or xterm. Understanding your operating system often includes playing with command line switches, and programs that are only accessible via the shell. I found this out myself once again when I was trying to figure out the AT command. This was a command I had not used in some time, and was required by me for something I was working on. It served as a good reminder to stay current with the command line environment.
DHCP > Blocking MAC Addresses
The question being asked here was whether it is possible to deny specific MAC addresses from obtaining IP addresses. There is no real answer to this question that I can think of, largely due to the fact that it is also pretty much impossible to know of all MAC addies that you want to declare “persona non grata”, as it were. This type of thinking is a valid train of thought, though, as it impacts computer security. If you have a network which has DHCP enabled, it is quite easy for a contractor to plug in his or her laptop and have instant access to your network. This is very much undesirable for a variety of reasons. Due to these types of concerns, it is always best to disable DHCP in a corporate environment, and statically map MAC addresses on your switches. That will go a long way in helping secure against a large variety of attacks.
Blocking dynamic ip’s connecting to port 25
The question of how to defend oneself against the near endless procession of spammers trying to use you as a relay for their spam is a good one. Like our poster says, it is costing them bandwidth, and you guessed it, bandwidth costs money. When this happens, people stand up and take notice. There are several tried and true solutions, such as using Spamhaus and implementing reverse DNS lookups. This often gets annoying regardless of the precautions taken to mitigate the aggressive tactics employed by spammers. You would be wise to investigate commercial solutions.
Running concurrent firewalls
This post was made with the intent of finding out if there were any repercussions in running more than one firewall at once on the same computer. It was pointed out that having more than one firewall running at once could most certainly introduce system instability and other weird issues. We need to remember how a firewall works in order to understand why running more than one at once is not a good idea. The same applies to having more than one anti-virus running. A firewall needs to install certain drivers in order to do its job. Should you have more than one set of drivers installed in the system kernel, then you are, simply put, asking for trouble. There is no extra protection to be had by having more than one running, as they all essentially work in the same way, by parsing traffic at both the NDIS and TDI layers. For more reading on this topic I would counsel you to read the following article series.
Well, this brings us to the end of another monthly column. With winter right around the corner for most of us, that means the beginning of another series of excellent security conferences. Should any of you be attending them, make sure you say which one you are attending so that hopefully someone else from Security-Forums can hook up with you for a beer and some chat. Who knows, you may very well attend a conference where our very own JustinT may be speaking, or for that matter Capi. Till next month, guys and gals, have a great month of November!