Educause Security Discussion mailing list archives

Re: When is a firewall not a firewall?


From: Omar Herrera <omar_herrera () BANXICO ORG MX>
Date: Fri, 5 Sep 2003 15:45:32 -0500

Mh, Antivirus products would also be vulnerable to this sort of "race
condition". There used to be problems with boot sector viruses loading
before the AV and engaging in stealth mode. Things are changing now and
it's been a long time since I last heard of a boot sector virus
infection, but in theory, the vulnerability remains.

Viruses might, for example, replace service executables that are loaded
before AV upon infection, giving them the advantage after a reboot. 

Other security controls could be affected as well (access control
smartcards for example?)

Omar Herrera, CISSP

Instituto Tecnológico y de Estudios Superiores de Monterrey, 
Mexico City Campus 
Information security topic and laboratory



-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn
Sent: Friday, 05 September 2003 03:32 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] When is a firewall not a firewall?

Hahn, Jacob wrote:

IP Security policies that are built in to the local and group policies
may provide what you are looking for.
The real beauty of the group policy based IP Security policies is that
can be centrally managed via active directory.

I'm experimenting with them now and they leave a period of vulnerability
during boot too. Several seconds just before the logon prompt, a
specifically blocked port (135) was reported open by nmap.

This was done using local policy (i.e. ipsecpol -w REG)

I doubt group policy would be any different.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
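
Added example, not part of the original messages or of any tool named in them: one way to measure the boot-time window described above on a machine you administer, by sampling a policy-blocked port from a second host while the first one reboots and reporting when it answered. The function names, the three state labels and the sample data are assumptions made for this illustration.

```python
import socket
import sys
import time

def probe(host, port, timeout=0.5):
    """One TCP connect attempt: 'open', 'refused' (RST) or 'no-reply' (dropped or host down)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, host unreachable, network down
        return "no-reply"

def watch(host, port, duration, interval=0.25):
    """Sample the port for `duration` seconds; returns [(seconds_since_start, state)]."""
    samples, t0 = [], time.monotonic()
    while (elapsed := time.monotonic() - t0) < duration:
        samples.append((round(elapsed, 2), probe(host, port)))
        time.sleep(interval)
    return samples

def open_windows(samples):
    """Collapse samples into (first_open, first_not_open_afterwards) intervals."""
    windows, start, last = [], None, None
    for ts, state in samples:
        if state == "open" and start is None:
            start = ts
        elif state != "open" and start is not None:
            windows.append((start, ts))
            start = None
        last = ts
    if start is not None:  # still open when sampling stopped
        windows.append((start, last))
    return windows

# Constructed samples (not measurements from the thread): the port answers
# briefly after the network stack comes up, then stops once filtering applies.
CONSTRUCTED_SAMPLES = [
    (0.0, "no-reply"), (0.5, "no-reply"), (1.0, "open"), (1.5, "open"),
    (2.0, "open"), (2.5, "no-reply"), (3.0, "no-reply"),
]

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: python bootwatch.py <host> <port>
        data = watch(sys.argv[1], int(sys.argv[2]), duration=300)
    else:
        data = CONSTRUCTED_SAMPLES
    for start, end in open_windows(data):
        print(f"port answered from t={start}s until t={end}s ({end - start:.1f}s exposed)")
```

An empty result over a full reboot cycle means no sample caught the port open; the sampling interval bounds how short a window can be missed.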
