
MAJOR RANT: These fvckign @sshole system admins!!!!


n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
A thumbdrive would have solved this whole thing... I'll send you a 16MB one, if you're that desperate. :heart:
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: acemcmac
Originally posted by: werk
Maybe you should quit whining here and figure out a way to "get your fvcking work done."

I did, I needed a file from my home server, got it via remote desktop and sent it off to the prof.

Been having problems with the FTP server I use as backup for the same purpose, so I was a little screwed there....

Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the computer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and one of the only people with the authority to reverse access suspensions on the residential network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelievable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

If you have no servers that allow such a primitive protocol to gain access to them, what in the hell are you vulnerable to? Someone using their home computer to print to the computer on their desk? Someone uploading malicious files that your firewall should be intercepting? This traffic isn't even leaving the gateway.... it's packet shaped out... this is traveling across the LAN strictly..... no reason at all for it to be blocked

oh please Mr. Network Security guru, explain to us how a firewall can stop malicious files or code?

Or for that matter malicious activity at all.

Is there any encryption on remote desktop at all? If Cisco has firmwares that, at switch level, can identify and remove common variants of worms etc, firewalls can be configured to provide the same basic security to primitive remote sessions. Anything you are exposing yourself to by allowing remote desktop, you are already exposing yourself to by not doing a pat down search of every client looking for their thumbdrives or CD-ROMs....

Layer 2-4 devices cannot inspect layer 7 traffic. Please explain how a firewall is to block malicious code.

I'd also like to know how a layer 2 device (as you explained) can identify and remove a worm - given that you believe even a layer 4 device can do it (which it can't)
 

acemcmac

Lifer
Mar 31, 2003
13,712
1
0
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the comptuer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and the one of the only people with the authority to reverse access suspensions on the residental network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelieveable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

If you have no servers that allow such a primative protocol to gain access to them, what in the hell are you vounerable to? Someone using their home computer to print to the computer on their desk? Someone uploading malicious files that your firewall should be intercepting? This traffic isn't even leaving the gateway.... it's packet shaped out... this is traveling across the lan strictly..... no reason at all for it to be blocked

What isn't necessary, is bad.

Wrong. Again, that is the corporate paradigm. In a corporation, IT is responsible to management and ownership. When IT does not accommodate them, they are useless and need to go. In education, IT is responsible to the faculty and students. When IT does not accommodate them, they are useless and need to go.

Wrong. IT is just another department that answers to the food chain. That food chain reports to owners. Owners report to auditors. It has nothing to do with students/faculty/employees, etc. Nothing whatsoever.

College of DuPont, (first google hit) Office of Information Technology Mission Statement, 4th bullet

Develop and maintain highly effective, reliable, secure, and innovative information systems to support instructional, administrative and research functions.

You just got served
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the comptuer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and the one of the only people with the authority to reverse access suspensions on the residental network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelieveable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

yeah, I'm thinking he didn't take "network operations" 101.

I have yet to hear one good reason why it should be banned in an educational setting that you can't cover with other bases. You suck.

It's a remote control tool.

Good security policy as dictated in "network operations 101" is not allowed nor should it be. Ever been audited? It wasn't the evil sys admins' call, it came from much higher up.

Oh NO, NOT AN EVIL REMOTE CONTROL TOOL :roll:. If you have a server that is vulnerable to an attack from a domestic remote control client, then you have bigger problems to worry about. I have had formal network security training, and security policies start at the servers. Client security should be considered invalid just by leaving a human being alone with an ethernet jack.

And in your training you should have learned the basics....

Servers are easy to protect, the clients are not and that is where most security actions should be focused.

Especially remote control tools....I mean c'mon dude. That is right up there with PCanywhere and a modem or allowing null passwords.
 

acemcmac

Lifer
Mar 31, 2003
13,712
1
0
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: werk
Maybe you should quit whining here and figure out a way to "get your fvcking work done."

I did, I needed a file from my home server, got it via remote desktop and sent it off to the prof.

Been having problems with the FTP server I use as backup for the same purpose, so I was a little screwed there....

Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the comptuer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and the one of the only people with the authority to reverse access suspensions on the residental network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelieveable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

If you have no servers that allow such a primative protocol to gain access to them, what in the hell are you vounerable to? Someone using their home computer to print to the computer on their desk? Someone uploading malicious files that your firewall should be intercepting? This traffic isn't even leaving the gateway.... it's packet shaped out... this is traveling across the lan strictly..... no reason at all for it to be blocked

oh please Mr. Network Security guru, explain to us how a firewall can stop malicous files or code?

Or for that matter malicous activity at all.

Is there any encryption on remote desktop at all? If Cisco has firmwares that, at swich level, can identify and remove common variants of worms etc, firewalls can be configured to provide the same basic security to primative remote sessions. Anything you are exposing yourself to by allowing remote desktop, you are already exposing yourself to by not doing a pat down search of every client looking for their thumbdrives or cdrom's....

Layer 2-4 devices cannot inspect layer 7 traffic. Please explain how a firewall is to block malicous code.

Id also like to know how a layer 2 device (as you explained) can identify and remove a worm - given that you belive even a layer4 device can do it (which it can't)

Owned again
 

TheLonelyPhoenix

Diamond Member
Feb 15, 2004
5,594
1
0
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the comptuer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and the one of the only people with the authority to reverse access suspensions on the residental network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelieveable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

If you have no servers that allow such a primative protocol to gain access to them, what in the hell are you vounerable to? Someone using their home computer to print to the computer on their desk? Someone uploading malicious files that your firewall should be intercepting? This traffic isn't even leaving the gateway.... it's packet shaped out... this is traveling across the lan strictly..... no reason at all for it to be blocked

What isn't necessary, is bad.

Wrong. Again, that is the coorperate paradigm. In a corperation, IT is responsible to management and ownership. When IT does not accomidate them, they are useless and need to go. In education, IT is responsible to the faculty and students. When IT does not accomidate them, they are useless and need to go.

Wrong. IT is just another department that answers to the food chain. That food chain reports to owners. Ownsers report to auditors. It has nothing to do with students/faculty/employees, etc. Nothing whatsoever.

College of DuPont, (first google hit) Office of Information Technology Mission Statement, 4th bullet

Develop and maintain highly effective, reliable, secure, and innovative information systems to support instructional, administrative and research functions.

You just got served

Are you telling me that mission statements actually mean something? :confused:
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the comptuer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and the one of the only people with the authority to reverse access suspensions on the residental network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelieveable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

If you have no servers that allow such a primative protocol to gain access to them, what in the hell are you vounerable to? Someone using their home computer to print to the computer on their desk? Someone uploading malicious files that your firewall should be intercepting? This traffic isn't even leaving the gateway.... it's packet shaped out... this is traveling across the lan strictly..... no reason at all for it to be blocked

What isn't necessary, is bad.

Wrong. Again, that is the coorperate paradigm. In a corperation, IT is responsible to management and ownership. When IT does not accomidate them, they are useless and need to go. In education, IT is responsible to the faculty and students. When IT does not accomidate them, they are useless and need to go.

Wrong. IT is just another department that answers to the food chain. That food chain reports to owners. Ownsers report to auditors. It has nothing to do with students/faculty/employees, etc. Nothing whatsoever.

College of DuPont, (first google hit) Office of Information Technology Mission Statement, 4th bullet

Develop and maintain highly effective, reliable, secure, and innovative information systems to support instructional, administrative and research functions.

You just got served

I come from the real world, not what you find on google. Lip service from a department is just that, lip service. If you came from the "real world" as well you would know how truthful mission statements are.

next?
 

acemcmac

Lifer
Mar 31, 2003
13,712
1
0
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the comptuer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and the one of the only people with the authority to reverse access suspensions on the residental network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelieveable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

yeah, I'm thinking he didn't take "network operations" 101.

I have yet to hear one good reason why it should be banned in an educational setting that you can't cover with other bases. You suck.

Its a remote control tool.

Good security policy as dictated in "network operations 101" is not allowed nor should it be. Ever been audited? It wasn't the evil sys admins call, it came from much higher up.

Oh NO, NOT AN EVIL REMOTE CONTROL TOOL :roll:. If you have a server that is voulnerable to an attack from a domestic remote control client, then you have bigger problems to worry about. I have had formal network security training, and security policies start at the servers. Client security should be considered invalaid just by leaving a human being alone with an ethernet jack.

And in your training you should have learned that basics....

Servers are easy to protect, the clients are not and is where most security actions should be focused.

Especially remote control tools....I mean c'mon dude. That is right up there with PCanywhere and a modem or allowing null passwords.

You still completely fail to address a single threat that Remote Desktop poses to an educational environment that banning Remote Desktop would address. I reiterate, you do not have any idea what you're talking about.
 

Transition

Banned
Sep 8, 2001
2,615
0
0
Listening to acemcmac argue with spidey07 is hilarious. Spidey knows his sh|t - you lost this argument.

acemcmac :thumbsdown: :thumbsdown: :thumbsdown: :thumbsdown: :thumbsdown: :thumbsdown:
spidey07 :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup:
 

JustAnAverageGuy

Diamond Member
Aug 1, 2003
9,057
0
76
Well, at least your admins had enough sense to turn it off.

Us? We have root access to the C:\, Registry, and device manager.

The chaos one could wreak on those computers is amazing.
 

acemcmac

Lifer
Mar 31, 2003
13,712
1
0
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the comptuer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and the one of the only people with the authority to reverse access suspensions on the residental network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelieveable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

If you have no servers that allow such a primative protocol to gain access to them, what in the hell are you vounerable to? Someone using their home computer to print to the computer on their desk? Someone uploading malicious files that your firewall should be intercepting? This traffic isn't even leaving the gateway.... it's packet shaped out... this is traveling across the lan strictly..... no reason at all for it to be blocked

What isn't necessary, is bad.

Wrong. Again, that is the coorperate paradigm. In a corperation, IT is responsible to management and ownership. When IT does not accomidate them, they are useless and need to go. In education, IT is responsible to the faculty and students. When IT does not accomidate them, they are useless and need to go.

Wrong. IT is just another department that answers to the food chain. That food chain reports to owners. Ownsers report to auditors. It has nothing to do with students/faculty/employees, etc. Nothing whatsoever.

College of DuPont, (first google hit) Office of Information Technology Mission Statement, 4th bullet

Develop and maintain highly effective, reliable, secure, and innovative information systems to support instructional, administrative and research functions.

You just got served

I come from the real world, not what you find on google. Lip service from a department is just that, lip service. If you came from the "real world" as well you would know how truthful mission statements are.

next?

sure, next thing you're going to tell me is that educational environments mandate that kids in dorms run the latest ghost images and are locked into the domain for security.... This is not how education works. That is how corporations work. Admit that you have no idea what you are talking about. State Universities are just as beholden to their sworn mission statements as the President is to look out for the best interests of the country - It's all government
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: acemcmac

You still completely fail to address a single threat that Remote Desktop poses to an educational environment that banning Remote Desktop would address. I reiterate, you do not have any idea what you're talking about.

One single moron allowing it without knowing what it is or what it does is reason enough. Just what you need, a professor allowing the students to control his PC.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: werk
Maybe you should quit whining here and figure out a way to "get your fvcking work done."

I did, I needed a file from my home server, got it via remote desktop and sent it off to the prof.

Been having problems with the FTP server I use as backup for the same purpose, so I was a little screwed there....

Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the comptuer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and the one of the only people with the authority to reverse access suspensions on the residental network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelieveable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

If you have no servers that allow such a primative protocol to gain access to them, what in the hell are you vounerable to? Someone using their home computer to print to the computer on their desk? Someone uploading malicious files that your firewall should be intercepting? This traffic isn't even leaving the gateway.... it's packet shaped out... this is traveling across the lan strictly..... no reason at all for it to be blocked

oh please Mr. Network Security guru, explain to us how a firewall can stop malicous files or code?

Or for that matter malicous activity at all.

Is there any encryption on remote desktop at all? If Cisco has firmwares that, at swich level, can identify and remove common variants of worms etc, firewalls can be configured to provide the same basic security to primative remote sessions. Anything you are exposing yourself to by allowing remote desktop, you are already exposing yourself to by not doing a pat down search of every client looking for their thumbdrives or cdrom's....

Layer 2-4 devices cannot inspect layer 7 traffic. Please explain how a firewall is to block malicous code.

Id also like to know how a layer 2 device (as you explained) can identify and remove a worm - given that you belive even a layer4 device can do it (which it can't)

Owned again

I am intimately familiar with netflow and the third party tools to analyze the information provided.

Please explain how netflow can remove a worm as you posted and I quote again...
"If Cisco has firmwares that, at switch level, can identify and remove common variants of worms etc, firewalls can be configured to provide the same basic security to primitive remote sessions"

And for your information software running on Cisco Systems routers and switches is called IOS or CatOS, not firmware. We reserve firmware for the kiddy linksys stuff.

Look kid, I've been doing this stuff quite a long time now and your gripes have all been heard before. If you wanna "own" then provide your own insight, not something you found on google.

 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: acemcmac
sure, next thing you're going to tell me is that educational environments mandate that kids in dorms run the latest ghost images and are locked into the domain for security.... This is not how education works. That is how corporations work. Admit that you have no idea what you are talking about. State Universities are just as beholden to their sworn mission statements as the President is to look out for the best interests of the country - It's all government

Some universities do use domains for their students.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: spidey07
I am intimately familiar with netflow and the third party tools to analyze the information provided.

Please explain how netflow can remove a worm as you posted and I quote again...
"If Cisco has firmwares that, at swich level, can identify and remove common variants of worms etc, firewalls can be configured to provide the same basic security to primative remote sessions"

And for your information software running on Cisco Systems router and switches is called IOS or CatOS, not firmware. We reserve firmware for the kiddy linksys stuff.

Look kid, I've been doing this stuff quite a long time now and your gripes have all been heard before. If you wanna "own" then provide your own insight, not something you found on google.

:laugh::laugh::beer::laugh::laugh:
 

loup garou

Lifer
Feb 17, 2000
35,132
1
81
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: werk
Maybe you should quit whining here and figure out a way to "get your fvcking work done."

I did, I needed a file from my home server, got it via remote desktop and sent it off to the prof.

Been having problems with the FTP server I use as backup for the same purpose, so I was a little screwed there....

Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the comptuer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and the one of the only people with the authority to reverse access suspensions on the residental network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelieveable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

If you have no servers that allow such a primative protocol to gain access to them, what in the hell are you vounerable to? Someone using their home computer to print to the computer on their desk? Someone uploading malicious files that your firewall should be intercepting? This traffic isn't even leaving the gateway.... it's packet shaped out... this is traveling across the lan strictly..... no reason at all for it to be blocked

oh please Mr. Network Security guru, explain to us how a firewall can stop malicous files or code?

Or for that matter malicous activity at all.

Is there any encryption on remote desktop at all? If Cisco has firmwares that, at swich level, can identify and remove common variants of worms etc, firewalls can be configured to provide the same basic security to primative remote sessions. Anything you are exposing yourself to by allowing remote desktop, you are already exposing yourself to by not doing a pat down search of every client looking for their thumbdrives or cdrom's....

Layer 2-4 devices cannot inspect layer 7 traffic. Please explain how a firewall is to block malicous code.

Id also like to know how a layer 2 device (as you explained) can identify and remove a worm - given that you belive even a layer4 device can do it (which it can't)

Owned again
How the hell was he owned? The guy (not the router) in the article used the output from a traffic monitoring tool to identify a worm. The guy, not the router, fixed the problem (which, according to you, shouldn't have even entered the network anyways!).
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the comptuer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and the one of the only people with the authority to reverse access suspensions on the residental network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelieveable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

If you have no servers that allow such a primative protocol to gain access to them, what in the hell are you vounerable to? Someone using their home computer to print to the computer on their desk? Someone uploading malicious files that your firewall should be intercepting? This traffic isn't even leaving the gateway.... it's packet shaped out... this is traveling across the lan strictly..... no reason at all for it to be blocked

What isn't necessary, is bad.

Wrong. Again, that is the coorperate paradigm. In a corperation, IT is responsible to management and ownership. When IT does not accomidate them, they are useless and need to go. In education, IT is responsible to the faculty and students. When IT does not accomidate them, they are useless and need to go.

Wrong. IT is just another department that answers to the food chain. That food chain reports to owners. Ownsers report to auditors. It has nothing to do with students/faculty/employees, etc. Nothing whatsoever.

College of DuPont, (first google hit) Office of Information Technology Mission Statement, 4th bullet

Develop and maintain highly effective, reliable, secure, and innovative information systems to support instructional, administrative and research functions.

You just got served

I come from the real world, not what you find on google. Lip service from a department is just that, lip service. If you came from the "real world" as well you would know how truthful mission statements are.

next?

sure, next thing you're going to tell me is that educational environments mandate that kids in dorms run the latest ghost images and are locked into the domain for security.... This is not how education works. That is how corperations work. Admit that you have no idea what you are talking about. State Universities are just as beholden to their sworn mission statements as the President is to look out for the best interests of the country- It's all government

Again, I'll reiterate my experience having designed and built network strategies for Purdue University, University of North Carolina and some work at the Pentagon (with associated clearance)

A security policy is developed with input from the network security department, ops, support and officer level. Once it is agreed upon technology is used to enforce that policy.

One of the most basic components of security policy is remote control. It has been decided that the network you are attached to will not allow remote control software.

But hey if you want to get around that policy then by all means do, it's not hard.

So how does a layer4 firewall in combination with layer 2-3 routers and switches stop malicious code, let alone remove it?

Wouldn't you need some kind of layer7 device? say a scrubber? I'm still confused how a layer4 device can analyze layer7 traffic/behavior.

I mean sure you can do the basic IDS stuff with a layer3 device to detect and possibly take action on malicious activity (scanning, known exploits, known worm signatures, IPS hits), but no way in hell would any of that stop malicious activity flowing over a remote control session.

none.

Now that I've schooled you on network security I'll expound a bit. It's called defense in depth - the switches do what they can, the routers do what they can, the firewalls do what they can, the IDS/IPS do what they can.....and that's all they can do.

The security policy takes care of the rest by dictating the "policy" of what the end nodes can or cannot do. That policy is then translated into software - group policy, requiring an agent on each and every host to ensure compliance, etc. In the end it has to do with running code and the only way to prevent code running on a host is by having something on the host.
 

acemcmac

Lifer
Mar 31, 2003
13,712
1
0
Originally posted by: n0cmonkey
Originally posted by: acemcmac

You still completely fail to address a single threat that Remote Desktop poses to an educational environment that banning Remote Desktop would address. I reiterate, you do not have any idea what you're talking about.

One single moron allowing it without knowing what it is or what it does is reason enough. Just what you need, a professor allowing the students to control his PC.

You ghosted that PC. You denied the prof admin access, you left its address externally addressable, if it gets rconned, that's your fault.

And as far as the Cisco stuff goes, I forget if it was from Network Computing, or from the Cisco rep I met with this summer prior to our selection of vendor for the new on-campus construction, but I know that the new magic product was going to be switches that could run their own traffic interdiction. Sorry if I grabbed the wrong link.

Wanna call me a kiddie? Fine, but don't even pretend that your corporate logic even applies to an academic institution. In this state, it is policy, that even if a client on the state system network is grossly abusing the bandwidth, we may NOT turn him or her off completely. We must throttle them down to no less than 56k speed because we are not allowed to deny or obstruct the freedom of that client to access the information. Does it make sense? No. Does it defy corporate logic? Yes. Does having RCON allowed defy corporate logic? Yes. Is denying RCON necessary for an academic institution? No, absolutely not- and that was my whole point.

Ironically, now that I've been pondering it.... the removing of the shortcut to remote desktop was probably more the decision of the intern who made the ghost image for the library and less that of a site-wide policy because no other labs are like that.
 

acemcmac

Lifer
Mar 31, 2003
13,712
1
0
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: spidey07
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
Originally posted by: n0cmonkey
Originally posted by: acemcmac
It's against policy, that's enough of a reason.

No, it's not. I helped write this school's network administration policies before I got a better offer. They just think they know better what I want to do with the computer than I do and deleted "extraneous and confusing information." To this day, I am the only administrator on the network after hours and one of the only people with the authority to reverse access suspensions on the residential network. I have never needed M$ administrator access and have never asked for it. This kind of stuff is just unbelievable.

If you wrote the policies and did not ban remote desktop and similar software, you missed quite a bit. Bad policy bitch, bad.

If you have no servers that allow such a primitive protocol to gain access to them, what in the hell are you vulnerable to? Someone using their home computer to print to the computer on their desk? Someone uploading malicious files that your firewall should be intercepting? This traffic isn't even leaving the gateway.... it's packet shaped out... this is traveling across the LAN strictly..... no reason at all for it to be blocked

What isn't necessary, is bad.

Wrong. Again, that is the corporate paradigm. In a corporation, IT is responsible to management and ownership. When IT does not accommodate them, they are useless and need to go. In education, IT is responsible to the faculty and students. When IT does not accommodate them, they are useless and need to go.

Wrong. IT is just another department that answers to the food chain. That food chain reports to owners. Owners report to auditors. It has nothing to do with students/faculty/employees, etc. Nothing whatsoever.

College of DuPont, (first google hit) Office of Information Technology Mission Statement, 4th bullet

Develop and maintain highly effective, reliable, secure, and innovative information systems to support instructional, administrative and research functions.

You just got served

I come from the real world, not what you find on google. Lip service from a department is just that, lip service. If you came from the "real world" as well you would know how truthful mission statements are.

next?

Sure, next thing you're going to tell me is that educational environments mandate that kids in dorms run the latest ghost images and are locked into the domain for security.... This is not how education works. That is how corporations work. Admit that you have no idea what you are talking about. State Universities are just as beholden to their sworn mission statements as the President is to look out for the best interests of the country- It's all government

Again, I'll reiterate my experience having designed and built network strategies for Purdue University, University of North Carolina and some work at the Pentagon (with associated clearance)

A security policy is developed with input from the network security department, ops, support and officer level. Once it is agreed upon, technology is used to enforce that policy.

One of the most basic components of security policy is remote control. It has been decided that the network you are attached to will not allow remote control software.

But hey if you want to get around that policy then by all means do, it's not hard.

So how does a layer4 firewall in combination with layer 2-3 routers and switches stop malicious code, let alone remove it?

I will try to find a better source for you when I get back home, it's the least I owe you. Thank you for your input, but I gotta scram now... meeting las chicas at the gym.

You seriously have to explain to me WHY "banning" remote control is productive at all though... I still don't understand that....
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
If you had a known backdoor trojan running on port 5555 would you willingly allow that port free rein on a network?

Remote desktop is the same.

But in fun, just tunnel everything through 443 and you'll be just fine. That's what we're really afraid of because there is nothing we can do to stop it. Layer7 devices can detect applications no matter what port they are running on (think "run any program over port 80"), if it's encrypted there isn't jack we can do.

Which is why I really hate the idea of SSL VPNs.

-edit- Cisco is promising a lot these days, the goal being to build layer2-4 intelligence into their switches to detect and act on bad stuff. Their self-defending network initiative. Right now their IOS routers have the basics of identifying bad stuff. Switches do not, although it is promised in phase 2 of NAC. Which according to my inside sources is in a few months, but we've been hearing that for a few months now.

NAC:
http://www.cisco.com/applicati...t_0900aecd800fdd58.pdf
http://www.cisco.com/applicati...t_0900aecd800fdd58.pdf
http://www.cisco.com/applicati...t_0900aecd80217e26.pdf
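
Added example (not part of any post in this thread): a Python sketch of the distinction drawn in the post above between a port-based layer 4 rule and a layer 7 classifier that reads the first bytes of a stream. The function names and sample payloads are constructed for illustration; the byte layouts follow the TPKT/X.224 connection request that opens an RDP session and the TLS record header.

```python
import struct

RDP_PORT = 3389  # default Remote Desktop port

# Constructed sample payloads (first client bytes of a TCP stream).
# Minimal TPKT header + X.224 Connection Request, as sent at RDP session start.
RDP_CONNECT = bytes([0x03, 0x00, 0x00, 0x0B, 0x06, 0xE0, 0, 0, 0, 0, 0])
# Start of a TLS ClientHello record (truncated, constructed).
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])

def l4_verdict(dst_port, blocked_ports=(RDP_PORT,)):
    """Layer 4 rule: the only input is the destination port."""
    return "block" if dst_port in blocked_ports else "allow"

def l7_classify(payload):
    """Layer 7 view: identify the protocol from stream content, not port."""
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[5] == 0x01):
        # TLS handshake record carrying a ClientHello. After the handshake
        # the inner application is ciphertext to an on-path device.
        return "tls"
    if len(payload) >= 6 and payload[0] == 0x03 and payload[1] == 0x00:
        (tpkt_len,) = struct.unpack(">H", payload[2:4])
        # TPKT length covers the 4-byte header plus the X.224 TPDU;
        # 0xE0 in the high nibble marks a Connection Request.
        if tpkt_len >= 11 and (payload[5] & 0xF0) == 0xE0:
            return "rdp"
    return "unknown"

def compare(flows):
    """Return (port, layer-4 verdict, layer-7 label) for each flow."""
    return [(port, l4_verdict(port), l7_classify(data)) for port, data in flows]

# Constructed flows: RDP on its default port, RDP moved to another port,
# and a TLS session on 443 whose inner protocol cannot be seen.
FLOWS = [(3389, RDP_CONNECT), (8080, RDP_CONNECT), (443, TLS_HELLO)]

if __name__ == "__main__":
    for row in compare(FLOWS):
        print(row)
```

The third flow is labelled only as TLS: the classifier can name the outer protocol but not what runs inside it, which is the gap the thread assigns to host-side policy enforcement.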
 

Spencer278

Diamond Member
Oct 11, 2002
3,637
0
0
How the hell does removing remote access client improve security? That is like cutting off everyone's hands at the college so they can't open your unlocked door. Might I suggest fixing the rooted boxes. All someone would have to do to get around your "security" is bring a laptop.
 

Childs

Lifer
Jul 9, 2000
11,313
7
81
Dude. It's not your computer, it'd be best if you just got over it. Admins are paid to manage every network resource. If you don't like it, use a computer with a different policy. All they did was remove the shortcut. If that jacked you up that bad, then maybe you shouldn't be using RD in the first place.