Security Basics mailing list archives

RE: preventing run-as option


From: "Buozis, Martynas" <martynas () ti com>
Date: Wed, 11 Oct 2006 08:48:51 +0200

I guess this can also be achieved by restricting program execution not
by path or file name, but also by hashing the executable and restricting
execution to software that satisfies a hash in the policy.

The above is also not a 100% solution, but may help to reduce occurrences
of launching a program from a USB stick or a different path/name.


With best regards
Martynas 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of MaddHatter
Sent: Tuesday, October 10, 2006 11:22 PM
To: security-basics () securityfocus com
Subject: Re: preventing run-as option

"Dubber, Drew B" <drew.dubber () eds com> said (on 2006/10/09):
From: "Dubber, Drew B" <drew.dubber () eds com>
Subject: RE: preventing run-as option

...
Also set an ACL on the RUNAS.EXE command to allow admins/system only if
you really don't want people to use it :)

As a general rule, this is an ineffective way to limit access. Users can
(and will) simply copy the file elsewhere and run it from there. Or if you
prevent read access, they'll copy it from another computer and copy/run
it from their USB stick.

I can't resist mentioning that if users are sharing passwords, having 
runas (or not) is the least of your concerns. You've lost all ability 
to enforce policies or prosecute someone who does something bad. Users 
can claim, "Even though it was my user account that emailed the 
company's trade secrets to our competitors [or whatever], it wasn't 
actually _me_." Your company just lost a lot of money and has nobody 
to blame but the IT staff who allowed users to get away with sharing 
passwords.


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
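
The contrast this thread draws between a rule tied to the file's location and a rule tied to its hash, as an added illustration that is not part of either poster's message. The directory names, file contents and function names are constructed for the sketch, and SHA-256 is an assumption chosen here, not a statement about what any particular Windows policy engine uses.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Digest of the file contents; name and location play no part."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def path_rule_blocks(path: Path, blocked_paths: set) -> bool:
    """Path rule: matches only the exact location listed in the policy."""
    return str(path.resolve()).lower() in blocked_paths


def hash_rule_blocks(path: Path, blocked_hashes: set) -> bool:
    """Hash rule: matches the contents wherever the file is launched from."""
    return sha256_of(path) in blocked_hashes


def demo() -> dict:
    """Return {label: (blocked_by_path_rule, blocked_by_hash_rule)}."""
    with tempfile.TemporaryDirectory() as tmp:
        system_dir = Path(tmp) / "system32"   # constructed stand-in directories
        usb_dir = Path(tmp) / "usb_stick"
        system_dir.mkdir()
        usb_dir.mkdir()

        original = system_dir / "runas.exe"
        original.write_bytes(b"MZ constructed stand-in, not a real binary")
        renamed_copy = usb_dir / "tool.exe"    # same bytes, new path and name
        shutil.copy(original, renamed_copy)
        unrelated = usb_dir / "other.exe"      # different contents
        unrelated.write_bytes(b"MZ constructed unrelated program")

        # Policy built from the file in its expected location only.
        blocked_paths = {str(original.resolve()).lower()}
        blocked_hashes = {sha256_of(original)}

        files = {"original": original, "renamed_copy": renamed_copy,
                 "unrelated": unrelated}
        return {label: (path_rule_blocks(p, blocked_paths),
                        hash_rule_blocks(p, blocked_hashes))
                for label, p in files.items()}


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:13} path_rule={verdict[0]} hash_rule={verdict[1]}")
```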

