Vulnerability Development mailing list archives
Re: un-hibernating laptop using old network settings
From: Ron DuFresne <dufresne () winternet com>
Date: Wed, 4 Jul 2001 15:30:27 -0500 (CDT)
How does this differ from the effects of a home PC or laptop taken from work to home, and used to surf the net when not used in a VPN tunnel to the workplace? Same threat, yes?

Thanks,

Ron DuFresne

On Tue, 3 Jul 2001, Zow Terry Brugger wrote:

I have a feeling that there might be more subtle security issues relating to hibernating a system in a trusted environment and awakening it in an untrusted one, apart from user education issues, but can't put my finger on any just now.

The threat that immediately occurs to me is the reverse: having the laptop in an untrusted environment, then moving it to a trusted environment. Let's say the laptop gets cracked when it's on the untrusted net. Then the user moves the laptop to a trusted network where a background program wakes up and automatically cracks machines on the trusted network.

I read about someone using their own laptop with such a program to do a red team assessment for a customer (I think it was on /. but I'm not sure). They put the program on the laptop (so they didn't crack their own box, but having the program introduced by a remote attacker is the next logical step) then they took the laptop into the customer site under the pretext of doing a presentation to a member of the technical staff. As soon as the red team member plugged into the local (trusted) network, the laptop started cracking servers, installing backdoors and punching holes in the firewall. The person claimed that during their 30 minute presentation this automatic program pretty much took over the entire company's network.

Returning to your original question, consider if the automated program didn't install any backdoors, it just grabbed the information the attackers wanted and stored that info on the laptop for retrieval once the laptop moved from the trusted to the untrusted network. Or even more straightforward, the user deliberately puts company proprietary information on the laptop when connected to the trusted company network and the laptop doesn't get compromised until it's moved to an untrusted (home perhaps?) network, whereupon the attackers compromise the laptop and grab the proprietary information.

The only solution is defense in depth. The two best practices that occur to me in this case are to use network intrusion detectors even behind your firewalls and keep all your machines patched. While patching may be particularly problematic for laptops since they aren't always there, it's probably more important for them than it is for desktop systems just because of all the odd networks they may end up on. If you're more paranoid, consider keeping your laptops on a separate network or sanitizing them when leaving or returning to a trusted network.

My $.02,

Terry

#include <stddisclaimer.h>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.
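
Added example, not code from the thread or its authors: a sketch of the kind of check an internal network intrusion detector could apply to the scenario discussed above, counting how many distinct internal services a host contacts shortly after it obtains a DHCP lease on the trusted network. The record formats, addresses, time window and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the original thread).
# DHCP lease events: (epoch seconds, MAC, assigned internal IP)
LEASES = [
    (1000, "00:11:22:33:44:55", "10.0.5.20"),   # laptop re-joins the trusted LAN
    (1005, "66:77:88:99:aa:bb", "10.0.5.21"),   # desktop renewing its lease
]
# Internal flow records: (epoch seconds, source IP, destination IP, dest port)
FLOWS = [(1010 + i, "10.0.5.20", f"10.0.1.{i + 1}", 445) for i in range(40)]
FLOWS += [
    (1020, "10.0.5.21", "10.0.1.10", 443),
    (1030, "10.0.5.21", "10.0.1.11", 25),
    (5000, "10.0.5.20", "10.0.1.99", 80),       # outside the post-join window
]

def fanout_after_join(leases, flows, window_s=600):
    """Count distinct internal (dst, port) pairs each host contacts
    within window_s seconds of its most recent lease."""
    joins = defaultdict(list)
    for ts, _mac, ip in leases:
        joins[ip].append(ts)
    for times in joins.values():
        times.sort()
    seen = defaultdict(set)
    for ts, src, dst, port in flows:
        # Match the flow to the latest lease handed out before it
        prior = [t for t in joins.get(src, ()) if t <= ts]
        if prior and ts - prior[-1] <= window_s:
            seen[src].add((dst, port))
    return {ip: len(pairs) for ip, pairs in seen.items()}

def flag_hosts(leases, flows, window_s=600, max_targets=15):
    """Return hosts whose post-join fan-out exceeds max_targets."""
    counts = fanout_after_join(leases, flows, window_s)
    return sorted(ip for ip, n in counts.items() if n > max_targets)

if __name__ == "__main__":
    print(fanout_after_join(LEASES, FLOWS))
    print(flag_hosts(LEASES, FLOWS))
```

The threshold needs tuning per network, since a host that legitimately touches many servers right after joining would also be flagged.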