RE: Remotely manage Zone Alarm

["Jay Woody" <jay_woody () tnb com>]

I think there was a vulnerability that allowed you to take complete
control of a box running Zone Alarm.  If he hasn't patched it, you may
be able to hack in.

http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt

That's it I think.  Didn't read it again, but it came out in April if I
remember right, so he has had time to patch.

JayW

> > > "Halverson, Chris" <chris.halverson () encana com> 09/04/03 11:57AM
Short of getting on the machine and enabling remote management, and a
password protection schema.  I am not sure...

you might try protecting the resource from his username and if the
password
is being utilized, you know it is intentional.

Chris

-----Original Message-----
From: Cesar Diaz [mailto:cesadiz () yahoo com] 
Sent: Thursday, September 04, 2003 7:36 AM
To: security-basics () securityfocus com 
Subject: Remotely manage Zone Alarm




We have a user that works remotely.  Since he works outside our 

firewall he has Zone Alarm Pro on his machine.

 

This week he is in the office.  Our logs show he is trying to access 

things he shouldn't be and doing things he shouldn't be.  For internal


political reasons HR wants some more proof that it's not accidental.  I


can't access his c$ share to look at Zone Alarm logs or remotely access


his event logs because of the Zone Alarm

 

Is there a way to centrally manage Zone Alarm settings or is this user


completely shielded while inside our network?

 

Cesar




---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30
(Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event
in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. 

Symantec is the Diamond sponsor.  Early-bird registration ends
September
6.Visit us: www.blackhat.com 
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30
(Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event
in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. 

Symantec is the Diamond sponsor.  Early-bird registration ends
September 6.Visit us: www.blackhat.com 
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------