Security Basics mailing list archives
Re: Remotely manage Zone Alarm
From: Birl <sbirl () temple edu>
Date: Fri, 5 Sep 2003 13:50:49 -0400 (EDT)
As it was written on Sep 5, thus gregh spake: [snip] chows: > Is there a way to centrally manage Zone Alarm settings or is this user chows: > completely shielded while inside our network? chows: chows: ZA Pro is far from being inpenetrable. You only have to look on other securityfocus list archives to see what I mean. There are 3 things I can immediately think of that may help and not be too nasty for you: chows: chows: 1) If the user isnt all that aware and just HAPPENS to run ZA Pro, tell him there is a need to make sure something is correct each time as you are not getting something or other on your network correctly. Even fake an incident where real work he is supposed to do remotely wasnt actually done to "prove" it. If you can convince him, put a program of your choice that does the same sort of thing PC Anywhere does and make sure his ZA Pro allows PC Anywhere (or the prog of your choice like it) full access on his machine before you give it back. You can remotely allow anything you want with that sort of access. You might even just tell his ZA Pro to allow FULL access from a certain IP number you control to do anything and then make sure his machine allows that sort of access as a WIN98 machine would for example. He wouldnt have a clue about anyone monitoring him then. chows: chows: 2) Check out Full Disclosure and other lists here at chows: SecurityFocus. There are floods you can send at ZA Pro that stops chows: it working. Then you can get in. Have to disagree on that. Every exploit/flood/etc that has been posted to bugtraq and full-disclourse (especially the recent UDP DoS attack) has failed to bring down ZA Pro in the test labs. Since I run ZA Pro, whenever I see an exploit I immediately bounce it over the ZoneLabs people for investigation. I dont doubt that ZA Pro can be broken, but I havent seen it done and I am willing to take ZoneLabs answer at face value. chows: 3) Just install something that watches everything he does and reports it back to you but to be honest, you would be better shoring up access your end. You might consider thanking him for pointing out holes in YOUR network! chows: chows: Greg. Scott Birl http://concept.temple.edu/sysadmin/ Senior Systems Administrator Computer Services Temple University ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====* --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Remotely manage Zone Alarm Cesar Diaz (Sep 04)
- RE: Remotely manage Zone Alarm Zachary Mutrux (Sep 04)
- Re: Remotely manage Zone Alarm gregh (Sep 04)
- Re: Remotely manage Zone Alarm Birl (Sep 05)
- RE: Remotely manage Zone Alarm Jef Feltman (Sep 08)
- Re: Remotely manage Zone Alarm gregh (Sep 08)
- Re: Remotely manage Zone Alarm Birl (Sep 05)
- RE: Remotely manage Zone Alarm Aditya (Sep 05)
- <Possible follow-ups>
- RE: Remotely manage Zone Alarm Halverson, Chris (Sep 04)
- RE: Remotely manage Zone Alarm Mike Peppard (Sep 04)
- RE: Remotely manage Zone Alarm Jay Woody (Sep 04)
- Re: Remotely manage Zone Alarm Thomas Graf (Sep 04)
- Re: Remotely manage Zone Alarm Birl (Sep 05)
- Question on Corrupted BlackIce Defender Installation Paul Fishbein (Sep 11)
- RE: Question on Corrupted BlackIce Defender Installation matt willson (Sep 15)
(Thread continues...)