Security Basics mailing list archives

Re: Remotely manage Zone Alarm


From: Birl <sbirl () temple edu>
Date: Fri, 5 Sep 2003 13:50:49 -0400 (EDT)

As it was written on Sep 5, thus gregh spake:

[snip]

chows:  > Is there a way to centrally manage Zone Alarm settings or is this user
chows:  > completely shielded while inside our network?
chows:
chows:  ZA Pro is far from being impenetrable. You only have to look on other
chows:  securityfocus list archives to see what I mean. There are 3 things I
chows:  can immediately think of that may help and not be too nasty for you:
chows:
chows:  1) If the user isn't all that aware and just HAPPENS to run ZA Pro,
chows:  tell him there is a need to make sure something is correct each time
chows:  as you are not getting something or other on your network correctly.
chows:  Even fake an incident where real work he is supposed to do remotely
chows:  wasn't actually done to "prove" it. If you can convince him, put a
chows:  program of your choice that does the same sort of thing PC Anywhere
chows:  does and make sure his ZA Pro allows PC Anywhere (or the prog of your
chows:  choice like it) full access on his machine before you give it back.
chows:  You can remotely allow anything you want with that sort of access. You
chows:  might even just tell his ZA Pro to allow FULL access from a certain IP
chows:  number you control to do anything and then make sure his machine
chows:  allows that sort of access as a WIN98 machine would for example. He
chows:  wouldn't have a clue about anyone monitoring him then.
chows:
chows:  2) Check out Full Disclosure and other lists here at
chows:  SecurityFocus. There are floods you can send at ZA Pro that stop
chows:  it working. Then you can get in.



Have to disagree on that.  Every exploit/flood/etc that has been posted to
bugtraq and full-disclosure (especially the recent UDP DoS attack) has
failed to bring down ZA Pro in the test labs.

Since I run ZA Pro, whenever I see an exploit I immediately bounce it over
to the ZoneLabs people for investigation.

I don't doubt that ZA Pro can be broken, but I haven't seen it done and I am
willing to take ZoneLabs' answer at face value.



chows:  3) Just install something that watches everything he does and reports
chows:  it back to you but to be honest, you would be better shoring up access
chows:  your end. You might consider thanking him for pointing out holes in
chows:  YOUR network!
chows:
chows:  Greg.




 Scott Birl                              http://concept.temple.edu/sysadmin/
 Senior Systems Administrator            Computer Services   Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*

