Re: Remotely manage Zone Alarm

["gregh" <chows () ozemail com au>]

> ----- Original Message ----- 
> From: Cesar Diaz 
> To: security-basics () securityfocus com 
> Sent: Thursday, September 04, 2003 11:36 PM
> Subject: Remotely manage Zone Alarm




> We have a user that works remotely.  Since he works outside our 
> firewall he has Zone Alarm Pro on his machine.

<SNIP> 
 
> Is there a way to centrally manage Zone Alarm settings or is this user 
> completely shielded while inside our network?
 
ZA Pro is far from being inpenetrable. You only have to look on other securityfocus list archives to see what I mean. 
There are 3 things I can immediately think of that may help and not be too nasty for you:

1) If the user isnt all that aware and just HAPPENS to run ZA Pro, tell him there is a need to make sure something is 
correct each time as you are not getting something or other on your network correctly. Even fake an incident where real 
work he is supposed to do remotely wasnt actually done to "prove" it. If you can convince him, put a program of your 
choice that does the same sort of thing PC Anywhere does and make sure his ZA Pro allows PC Anywhere (or the prog of 
your choice like it) full access on his machine before you give it back. You can remotely allow anything you want with 
that sort of access. You might even just tell his ZA Pro to allow FULL access from a certain IP number you control to 
do anything and then make sure his machine allows that sort of access as a WIN98 machine would for example. He wouldnt 
have a clue about anyone monitoring him then.

2) Check out Full Disclosure and other lists here at SecurityFocus. There are floods you can send at ZA Pro that stops 
it working. Then you can get in.

3) Just install something that watches everything he does and reports it back to you but to be honest, you would be 
better shoring up access your end. You might consider thanking him for pointing out holes in YOUR network!

Greg.

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------