Vulnerability Development mailing list archives
Windows: Local Security Workarounds - Other operating systems?
From: whitevampire () MINDLESS COM (WHiTe VaMPiRe)
Date: Thu, 6 Apr 2000 17:06:13 -0400
We have largely discussed the security, or lack thereof, when having complete physical access to a machine (specifically Windows 9x in this case); I will summarize what we have determined from this discussion.

The BIOS password can easily be circumvented physically by opening the case and removing the battery or changing a jumper, this being the last-chance scenario. Many BIOSes have either backdoor passwords or ways to be reset via a key combination (specifically the END key), and quite easily via software to manipulate the password protection.

Totally disabling the security methods implemented could easily be done once DOS is accessed, usually after bypassing the BIOS password, using a boot disk, or selecting DOS from the startup menu if possible (F8). After that, you could modify the registry, autoexec.bat, or other startup files that are enabling the security policies.

Working past security methods implemented by administrators is generally done via third-party software (or software not directly related to the operating system). You could use scripting via Office, manipulating files via a Web browser, via WinZip, or other third-party software. In short, if you have physical access, the security methods might as well not exist. (Generally applicable to all operating systems.)

To any administrator, if you are concerned about physical security, the best method would most likely be locking the system in some sort of cabinet or other room, depending upon your options. Also, disabling certain keys on the keyboard would largely limit the options. You could always use a dumb terminal-based serial setup. (Depending upon your OS of choice, I suppose. There are most likely solutions for many operating systems.)

If the software security policies are not well thought out and well implemented, it will make little difference even if the physical machine is locked away. Some good software policies are to disable booting from disks, other devices, et cetera. Enable a BIOS password (although more a limited deterrent than anything else). Perhaps even have some sort of password enabled using the MBR (I know LILO supports this). Have some sort of software preventing access to DOS via breaking the autoexec.bat, using the startup menu, or other such common methods. Largely disable access to the main hard drive and available software. Most Internet stations need a (limited) Web browser and perhaps a simple text editor. If the software is not needed, do not have it installed, and especially do not have it accessible if not needed. The same basic remote access security policies apply, which I will not cover. In Windows, disabling the Start menu and right-click on the desktop (and most shortcuts/software/whatever) is also a good policy. You should also, of course, keep the system(s) up to date with the latest hot-fixes, security fixes, bug fixes, and software updates. If you have vulnerable software, it obviously compromises the software aspect of your security policies.

There are many, many other things you can do. Those are just some good general recommendations, and most are easily bypassed (as covered above) if a person has complete physical access. These recommendations are mainly for a public workstation of sorts, with data of no concern on the machine. If sensitive data was on the machine, somebody could also steal the hard drive. I could ramble on about this for a bit more, but I will stop here. I am also not covering this aspect in this posting.

I apologize for not directly crediting each contributor to this discussion, but so many people voiced the same opinions and searching through all the old postings is simply beyond my available time. This summary is from memory; if I forgot anything, please feel free to point out my errata or add to my summary.

To continue this discussion, why not cover other operating systems? Specifically Windows NT or Windows 2000, which is not as easily bypassed as 9x. Unix-based operating systems typically require a boot disk of sorts to bypass the superuser password. Depending on the security methods implemented, this can also be prevented. This is another area that could be discussed.

Regards,

--
WHiTe VaMPiRe\Rem
whitevampire () mindless com
http://www.projectgamma.com/
http://www.gammaforce.org/
"Silly hacker, root is for administrators."
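The boot-path lockdown settings the summary recommends (no startup menu or DOS boot on Windows 9x, a password on the LILO boot loader), as an added example that is not part of the original post: a small Python auditor that reads an MSDOS.SYS and a lilo.conf and reports which of those settings are still open. The MSDOS.SYS defaults it assumes when a key is absent, and the two pairs of sample files, are my own assumptions and constructed input, not taken from the thread.

```python
"""Added example (not from the original post): audit the boot-time lockdown
settings the summary recommends on a Windows 9x MSDOS.SYS and a lilo.conf.

Assumptions: the MSDOS.SYS [Options] defaults below (BootKeys=1, BootMenu=0,
BootMulti=0) are as I recall them from the Windows 9x documentation; the
sample files are constructed, not copied from any real host."""

# [Options] keys that open the "drop to DOS" path the post describes:
# key -> (value assumed when the key is absent, hardened value)
MSDOS_SYS_CHECKS = {
    "BootKeys":  ("1", "0"),  # 0 disables the F5/F6/F8 startup keys
    "BootMenu":  ("0", "0"),  # 0 does not show the startup menu automatically
    "BootMulti": ("0", "0"),  # 0 removes the "previous version of MS-DOS" option
}


def parse_msdos_sys(text):
    """Return the [Options] section of MSDOS.SYS as a dict. The file is
    INI-like; the ';xxxx' padding comments that keep it over 1024 bytes are skipped."""
    options, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "options" and "=" in line:
            key, _, value = line.partition("=")
            options[key.strip()] = value.strip()
    return options


def audit_msdos_sys(text):
    """List [Options] keys whose effective value still allows the startup menu
    or a DOS boot; an empty list means the file matches the hardened settings."""
    options, findings = parse_msdos_sys(text), []
    for key, (default, hardened) in MSDOS_SYS_CHECKS.items():
        if options.get(key, default) != hardened:
            shown = f"{key}={options[key]}" if key in options else f"{key} unset (defaults to {default})"
            findings.append(f"{shown}, expected {hardened}")
    return findings


def audit_lilo_conf(text):
    """List LILO boot entries that can be started without a password. A global
    'password=' covers every entry; one inside an 'image=' or 'other=' stanza
    covers only that entry. lilo.conf then holds the password in clear text,
    so it must be readable by root only (LILO itself warns about this)."""
    global_password, entries, current = False, {}, None   # current: stanza name, None = global
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()               # drop comments
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in ("image", "other"):
            current = value
            entries[current] = False
        elif key == "label" and current is not None:
            entries[value] = entries.pop(current)         # report the label, not the path
            current = value
        elif key == "password":
            if current is None:
                global_password = True
            else:
                entries[current] = True
    if global_password:
        return []
    return [f"boot entry '{name}' has no password" for name, has_pw in entries.items() if not has_pw]


# Constructed samples (not from any real machine).
MSDOS_SYS_DEFAULT = """[Paths]
WinDir=C:\\WINDOWS
WinBootDir=C:\\WINDOWS
HostWinBootDrv=C

[Options]
BootMulti=1
BootGUI=1
BootKeys=1
;
;The following lines are required for compatibility with other programs.
;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa
"""
MSDOS_SYS_LOCKED = MSDOS_SYS_DEFAULT.replace("BootMulti=1", "BootMulti=0").replace("BootKeys=1", "BootKeys=0\nBootMenu=0")

LILO_CONF_OPEN = """boot=/dev/hda
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
other=/dev/hda2
    label=win
"""
# Same file with a global password; 'restricted' makes LILO ask for it only
# when boot parameters are typed at the prompt. PLACEHOLDER_PASSWORD is a placeholder.
LILO_CONF_LOCKED = LILO_CONF_OPEN.replace("prompt\n", "prompt\npassword=PLACEHOLDER_PASSWORD\nrestricted\n")

if __name__ == "__main__":
    for name, text in [("MSDOS.SYS (default)", MSDOS_SYS_DEFAULT), ("MSDOS.SYS (locked)", MSDOS_SYS_LOCKED)]:
        print(name, audit_msdos_sys(text) or "ok")
    for name, text in [("lilo.conf (open)", LILO_CONF_OPEN), ("lilo.conf (locked)", LILO_CONF_LOCKED)]:
        print(name, audit_lilo_conf(text) or "ok")
```

Running the file prints a report for each pair of samples. As the post itself stresses, these settings are a deterrent layer only: anyone who can open the case or boot from removable media can rewrite both files, so the auditor is a way to confirm the configured baseline, not a substitute for physical controls.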