Home page logo

basics logo Security Basics mailing list archives

Re: Spying in a corporate environment
From: Tremaine Lea <tremaine () gmail com>
Date: Thu, 22 Nov 2007 11:33:08 -0700

On 22-Nov-07, at 8:47 AM, Ansgar -59cobalt- Wiechers wrote:

On 2007-11-22 Mario DeBono wrote:
If you have a 2003 domain enforce group policies and restrict access
to certain windows components. I presume even if a user has admin
rights on a pc, he should not be able to over right the group
policies, if he is not so keen to remove the policies from the pc

You're mistaken. A local admin can override policies (at the very least
for a short while until they are reapplied), and even if that wasn't
possible (s)he can always log on locally, in which case domain policies
don't apply at all. The only way to control users with local admin
privileges is to revoke their local admin privileges. Everything else
are futile efforts.

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

There are a lot of ways to control and monitor user behaviours outside host controls that can be overridden by local administrators. Network and gateway AV scanning, content controls at the perimeter, proper network segmentation, intelligent use of ACL's .... the list goes on. In most office environments, any harm that is going to be done to a pc is brought in by the user to the desktop via the network.

Prevent it from getting to the desktop. Tie that in with use of a variety of network controls and you can dramatically increase the safety of your infrastructure.


Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]