Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Spying in a corporate environment

From: Tremaine Lea <tremaine () gmail com>
Date: Thu, 22 Nov 2007 11:33:08 -0700
On 22-Nov-07, at 8:47 AM, Ansgar -59cobalt- Wiechers wrote:


On 2007-11-22 Mario DeBono wrote:

If you have a 2003 domain enforce group policies and restrict access
to certain windows components. I presume even if a user has admin
rights on a pc, he should not be able to over right the group
policies, if he is not so keen to remove the policies from the pc
himself.
You're mistaken. A local admin can override policies (at the very least 
for a short while until they are reapplied), and even if that wasn't
possible (s)he can always log on locally, in which case domain policies 
don't apply at all. The only way to control users with local admin
privileges is to revoke their local admin privileges. Everything else
are futile efforts.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
There are a lot of ways to control and monitor user behaviours outside host controls that can be overridden by local administrators. Network and gateway AV scanning, content controls at the perimeter, proper network segmentation, intelligent use of ACL's .... the list goes on. In most office environments, any harm that is going to be done to a pc is brought in by the user to the desktop via the network.
Prevent it from getting to the desktop. Tie that in with use of a variety of network controls and you can dramatically increase the safety of your infrastructure. 

Cheers,

---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"
Previous By Date Next
Previous By Thread Next

Current thread: