Bugtraq mailing list archives
Re: Circumventing quarantine control in Windows 2003 and ISA 2004
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 23 May 2006 19:01:11 +0400
Dear Memet Anwar, MA> The problem is due to how the requirements are MA> validated, it is trivial for users to trick RRAS/ISA into believing that the MA> client's system are always aligned with the requirements, regardless the MA> actual condition. If you have local administrator level access to the box you can bypass any "internal" checks for this box. You can bypass any Domain policies. You can do everything. Quarantine Control was not designed to protect against attack of this kind. It's a tool to check policy matching, not to protect http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/vpnroamingquarantine.mspx -=-=-=-=- Quote begin -=-=-=-=- Although Quarantine Control does not protect against attackers, computer configurations for authorized users can be verified and, if necessary, corrected before they can access the network. -=-=-=-=-= Quote end =-=-=-=-=- -- ~/ZARAZA http://www.security.nnov.ru/
Current thread:
- Circumventing quarantine control in Windows 2003 and ISA 2004 Memet Anwar (May 22)
- Re: Circumventing quarantine control in Windows 2003 and ISA 2004 3APA3A (May 23)
- RE: Circumventing quarantine control in Windows 2003 and ISA 2004 Roger A. Grimes (May 23)
- Re: Circumventing quarantine control in Windows 2003 and ISA 2004 Mark Senior (May 24)
- Re: Circumventing quarantine control in Windows 2003 and ISA 2004 Memet Anwar (May 25)
- Re: Circumventing quarantine control in Windows 2003 and ISA 2004 Andreas Beck (May 24)