Penetration Testing mailing list archives
RE: Scanning a system with HIPS installed?
From: dcdave () att net
Date: Fri, 07 Dec 2007 12:00:20 +0000
This raises an interesting question. If the HIPS is functional and up to date and compliant with your network requirements for security, why shouldn't you allow it on the network? It probably wouldn't be subvertible by other sources, right?

Wrong. I can think of at least three good ways to subvert a machine on a network running its own HIPS. One of the most simple and dangerous is that, based on the original concepts of the NCSA in the Orange Book, there are three basic legs to information security. Only one is composed of the actual electronics and networks. Ask any pen-tester with experience in the real world, especially in social engineering, and you will find that the other two legs, Physical Security (physical access to the computing resources) and Personnel Security (the ability to feel that due diligence has been done to assure the integrity of the personnel who are authorized to access the computing resources) are equally important.

So, the location of the laptop plugging in, and the amount that you know of the person operating it are truly important considerations. Hackers and corporate spies (not to mention the other kind) really do use these methods to invade a network.

I have always felt that if a network's security were MY responsibility, I would NOT allow any uncontrollable factors onto it. In the real world, there are many shades of gray, both in liabilities and culpabilities, and ultimately one may have to follow orders. If so, get them documented and signed....

Dave Druitt
--
CSO InfoSec Group
703-626-6516

-------------- Original message from "Sutton, Paul A." <SuttonP () aafes com>: --------------
You would not be able to manage that laptop. Who is going to perform security updates on the OS and ensure their AV is and remains current? What software are they bringing into your network? Unless you have a guest network, no computer that you cannot manage should not be allowed on your network.

Paul Sutton
Network Data Security Analyst
IT-G IT Security Management
214-312-6376

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Albert R. Campa
Sent: Monday, December 03, 2007 1:14 PM
To: pen-test () securityfocus com
Subject: Scanning a system with HIPS installed?

As far as allowing visitor laptops on your network, when you scan a laptop you would disable any HIPS/Firewall system that is installed so as to perform a full scan.

Is there a major reason to not allow a laptop on the network if you could not disable the HIPS (because of admin rights) and just scanned it with HIPS running?

thx

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
Current thread:
- Scanning a system with HIPS installed? Albert R. Campa (Dec 04)
- RE: Scanning a system with HIPS installed? Sutton, Paul A. (Dec 06)
- <Possible follow-ups>
- RE: Scanning a system with HIPS installed? dcdave (Dec 10)