why not just use a dumb terminal if you are going to go to all that trouble?
-JP

On 9/15/06, Dean Pierce <[EMAIL PROTECTED]> wrote:
> There is the convenience issue of the speed that the image transfers
> across the network.
>
> There is also the issue that infected workstations may be collecting
> passwords.
>
> My suggestion would be to use the hard drives in the workstation to store
> the boot images, and have the minimal operating system on some sort of
> USB device or something that the employees can take home with them, and
> carry around etc.
>
> The employee can then..
>
> 1. plug in the USB device
> 2. boot the machine
> 3. enter device password (to decrypt the rest of the device)
> 4. the USB device should then be removed
> 5. enter the network username and password (remote authentication)
> 6. select which operating system to boot to
>    - now the system checks the hash of the selected image,
>      and submits it to a central server for approval
>    - if image is approved, the system is booted
>    - network mounts are mounted based on user policy etc
>
> Workstations would then need to be locked down, allowed only to ever
> boot to the USB device or whatever, and might employ some BIOS tricks to
> only boot devices that have been signed etc. A decent chassis alarm
> system would also need to be in place to avoid tampering. Network
> topology should also be static, and trigger alarms if anything is changed.
>
> It would then be up to the sysadmins to keep the images up to date (not
> just security-wise, but also with the latest software).
>
> If the employee is working with sensitive information (that the
> sysadmins should not have access to), the data should all be stored in
> an encrypted state on the remote filesystems, and decrypted on the fly
> on the workstation when needed.
>
> problems that may still exist:
>
> 1. weak sysadmin security policies
> 2. weak add/remove/refresh user policies
> 3. weakness in the encryption protocols
> 4. USB devices can be cloned
>
> 1 and 2 can be mitigated with strict rules and a positive work
> environment, and proactive education (preventing bribes/social
> engineering etc). 3 is the fault of the cryptanalysts, and 4 can be
> dealt with by using devices with non-readable sections and on-board
> crypto (like a smartcard etc).
>
> Different things can be enforced more or less based on paranoia levels,
> but I would say this system is reasonably simple, and prevents most
> nastiness, and could even remain pretty stable if the images were not
> updated frequently. With using old images, there is the chance of worms
> infecting the workstation in the morning, but a decent IPS should
> prevent that, and it would be much easier to clean up later.
>
> Also employees might use recent attacks against each other to gain
> information on other employees that they do not have access to. IPS
> should see this though, and if you are really worried, you can make it
> so all writable directories that a user has are mounted without execute
> permissions or something.
>
> The user experience is not much more complicated than most current
> setups, and I believe this does go pretty far to protect the
> workstations from pretty much any sort of malicious tampering, which was
> the goal I think.
>
> - DEAN
>
>
> マグロ原子 wrote:
> > In-Reply-To: <[EMAIL PROTECTED]>
> >
> > I don't really see the point... Possible vulnerabilities (if I didn't
> > horribly misunderstand something):
> >
> > *The AFS server would still need to be updated to keep it secure.
> > *If the imaged OS is rootable:
> > **The AFS clients that load the images could be replaced by phishnets.
> > **The attacker could pose as the user having access to Kerberos
> > credentials. (So rm -r / would delete the user's "securely kept files")
> >
> > Or do users only have read-only access to their files?? That doesn't
> > seem useful.
> >
> > Nyoro~n
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
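The image-approval step in Dean's numbered list (hash the selected boot image, submit the hash to a central server, boot only if the server approves) as an added worked example; this is not code from the thread or from any of its authors. It assumes SHA-256 for the image digest and a pre-shared secret between the workstation and the approval server, used to HMAC the server's verdict so a forged or altered reply is rejected (a stand-in for a real authenticated channel such as TLS or a signed response). The image bytes, key and image names are constructed sample values, and the approval server is simulated in-process.

```python
import hashlib
import hmac
import json
import os
import tempfile


def image_hash(path, chunk_size=1 << 20):
    """SHA-256 of a boot image, streamed in chunks so large images don't need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class ApprovalServer:
    """Simulated central approval server (assumption: in a real deployment this is a network
    service). Holds the sysadmin-maintained allowlist of image digests and signs each verdict
    with an HMAC over a canonical JSON encoding."""

    def __init__(self, key, approved_digests):
        self.key = key
        self.approved = set(approved_digests)

    def check(self, image_name, digest):
        verdict = {"image": image_name, "sha256": digest, "approved": digest in self.approved}
        msg = json.dumps(verdict, sort_keys=True).encode()
        tag = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        return msg, tag


def verify_and_decide(server, key, image_name, path):
    """Workstation side: hash the chosen image, ask the server, and boot only on an
    authentic, positive verdict that refers to the same image and digest we asked about."""
    digest = image_hash(path)
    msg, tag = server.check(image_name, digest)
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison: a forged or modified verdict is refused before it is parsed.
    if not hmac.compare_digest(expected, tag):
        return False
    verdict = json.loads(msg)
    return bool(
        verdict.get("approved")
        and verdict.get("sha256") == digest
        and verdict.get("image") == image_name
    )


def demo():
    """Constructed scenario: an approved image, a one-byte-modified copy, and a reply
    verified with the wrong key (as a forged verdict would be). Returns the three decisions."""
    key = b"constructed-demo-shared-secret"  # assumption: provisioned out of band
    good = b"constructed boot image bytes for linux-desktop"
    with tempfile.TemporaryDirectory() as d:
        good_path = os.path.join(d, "linux-desktop.img")
        bad_path = os.path.join(d, "linux-desktop-tampered.img")
        with open(good_path, "wb") as f:
            f.write(good)
        with open(bad_path, "wb") as f:
            f.write(good + b"\x00")  # any change to the image changes its digest
        server = ApprovalServer(key, [hashlib.sha256(good).hexdigest()])
        return (
            verify_and_decide(server, key, "linux-desktop", good_path),        # True: boot
            verify_and_decide(server, key, "linux-desktop", bad_path),         # False: not on allowlist
            verify_and_decide(server, b"wrong-key", "linux-desktop", good_path),  # False: verdict not authentic
        )


if __name__ == "__main__":
    print(demo())
```

The check binds the server's answer to both the image name and the digest the workstation computed, so a verdict replayed from a different (approved) image cannot be reused for the one actually being booted.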
