On Mon, 24 Dec 2001, Claussen, Ken wrote:

> One thing that has not garnered a lot of discussion in this thread is the
> security of the framework within which this system works. My understanding,
> and forgive me if it is not correct, is that this Control is installed on a
> machine and then allows the person at the remote end of the link to interact
> with the user's desktop. There are two important points to note.
> One, if this is how the product functions, then the person on the remote end
> only has the same "User Privilege" as the person logged on at the console.
> If care has been taken in assigning security levels and groups appropriately
> (namely not granting "Local Administrator Rights") then this vector of
> attack will only be as successful as the person at the console. In other
> words if they are in the Domain Users group they will not be able to cause
> major harm on your network.  This also assumes one doesn't leave the console
> logged in and unlocked, I feel locking the console is more secure than
> leaving it at the login prompt.

        [SNIP]

I know many on this and the wizards list do their best to assure that
users at the desktop are not admins of their own systems, for support as
well as security reasons, at least with NT/win2000 systems, folks have to
beware, this is not a totally common standard in many many companies and
corporations.  And in some of those in which it is for desktops of the
winxxx/NT category, those companies now allowing linux and or bsd desktops
often overlook the issues of root level access on those desktops, because
a proper analysis of the issues involved in putting those OS' on the
desktop was never accomplished.  In fact, I know this is an issue with the
EPA, and their support contractor, Lockheed/Martin, at present here in NC,
which has been wrestling with security related issues for quite a few
years now.  So even government agencies often fail to take full
consideration of the issues involved in desktop OS analysis.

Many security scenarios in corporate practice often remind me of a famous
line from Shakespeare's Hamlet, and not the "something is rotten in the
state of Denmark" utterance, though it be fitting to many occasion, but,
we refer here to the line "There are more things in heaven and earth,
Horatio, Then are dreamt of in your Philosophy"...


Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
