Bugtraq mailing list archives
Re: reporting local security problems for WinNT (Re: Escalation of privileges)
From: H Carvey <keydet89 () YAHOO COM>
Date: Sun, 13 Aug 2000 10:58:48 -0000
Checking permissions at install time isn't sufficient.
Since the subject line contains NT, I thought I would chime in here...

I agree that some sort of scanning program or process, as part of a policy-based security management architecture, is necessary. The scanning program would go out to a machine or multiple machines and verify policy compliance. This is just what I presented in my paper at the recent Usenix LISA-NT conference:

http://patriot.net/~carvdawg/publications.html

Checking file integrity, ACLs (for files, dirs, Reg keys, and shares), Reg key values, services, etc....it's all quite simple. Another step beyond that is to alert on those things that need it (failure of integrity check) and correct those that can be corrected automagically...depending upon policy.

My current architecture for this is to have a central security management station and run all checks from there. If this doesn't work for you, it's quite simple to move to an agent-based system, with agents (or services) running on remote systems. Or some combination thereof...

I've got the code written up for such an app and I'm working on the documentation. The thing that I've found is that my research and efforts have identified certain Registry keys as very important to the security posture of a system...and yet, most folks I run into (a) don't know about it, and (b) don't want to research it themselves.

I've got a small demo available now, located at:

http://patriot.net/~carvdawg/projects.html

It's small b/c it uses only those Perl modules that ship with the install of ActiveState's ActivePerl build 61x. The full-blown app uses other modules that are relatively simple to install...

The whole purpose of this app is to fill the gap that I've seen mentioned here and on other forums..."It would be cool to have an app to do this or that..."...

Carv
keydet89 () yahoo com
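The central-station compliance scan described in the message above, sketched in Python as an added example (it is not the author's Perl application and not code from the original post). The policy targets, host names and host snapshots are constructed placeholders; a real station would collect the observed values from the remote machines.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hypothetical policy: (check kind, target, expected value, action on failure).
POLICY = [
    ("file_hash", r"C:\example\app.exe", sha256(b"known-good build"), "alert"),
    ("reg_value", r"HKLM\SOFTWARE\Example\AuditLevel", 2, "correct"),
    ("acl_write", r"HKLM\SOFTWARE\Example", frozenset({"Administrators", "SYSTEM"}), "alert"),
    ("service", "ExampleTelnetd", "disabled", "correct"),
]
# Kinds the station may reset on its own; integrity and ACL drift go to a human.
CORRECTABLE = {"reg_value", "service"}

def compliant(kind, observed, expected):
    # For ACLs, fewer writers than the policy allows is still compliant.
    return observed <= expected if kind == "acl_write" else observed == expected

def check_host(name, state, policy=POLICY):
    """Return (host, kind, target, outcome) for every deviation on one host."""
    findings = []
    for kind, target, expected, on_fail in policy:
        key = (kind, target)
        if key not in state:
            findings.append((name, kind, target, "missing"))  # could not verify
            continue
        if compliant(kind, state[key], expected):
            continue
        if on_fail == "correct" and kind in CORRECTABLE:
            state[key] = expected  # stands in for the remote write-back
            findings.append((name, kind, target, "corrected"))
        else:
            findings.append((name, kind, target, "alert"))
    return findings

def scan(hosts):
    """Central-station loop: run the whole policy against every host."""
    return [f for name, state in hosts.items() for f in check_host(name, state)]

def sample_hosts():
    """Constructed snapshots: one clean, one drifted, one with missing data."""
    good = {(kind, target): expected for kind, target, expected, _ in POLICY}
    drifted = dict(good)
    drifted[("file_hash", r"C:\example\app.exe")] = sha256(b"modified build")
    drifted[("reg_value", r"HKLM\SOFTWARE\Example\AuditLevel")] = 0
    drifted[("acl_write", r"HKLM\SOFTWARE\Example")] = frozenset({"Administrators", "SYSTEM", "Everyone"})
    partial = {k: v for k, v in good.items() if k[0] != "service"}
    return {"HOST-A": good, "HOST-B": drifted, "HOST-C": partial}
```

Calling `scan(sample_hosts())` reports the integrity and ACL failures as alerts, resets the registry value in place, and flags the check that could not be verified as missing rather than passing it silently.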