RE: Scanning a system with HIPS installed?

From: dcdave@att.net
Date: Fri Dec 07 2007 - 07:00:20 EST


 This raises an interesting question.

If the HIPS is functional and up to date and compliant with your network requirements for security, why shouldn't you allow it on the network? It probably wouldn't be subvertible by other sources, right?
Wrong. I can think of at least three good ways to subvert a machine on a network running its own HIPS.
One of the most simple and dangerous is that, based on the original concepts of the NCSA in the Orange Book, there are three basic legs to information security. Only one is composed of the actual electronics and networks.
Ask any pen-tester with experience in the real world, especially in social engineering, and you will find that the other two legs, Physical Security (physical access to the computing resources) and Personnel Security (the ability to feel that due diligence has been done to assure the integrity of the personnel who are authorized to access the computing resources) are equally important.
So, the location of the laptop plugging in, and the amount that you know of the person operating it are truly important considerations. Hackers and corporate spies (not to mention the other kind) really do use these methods to invade a network.

I have always felt that if a network's security were MY responsibility, I would NOT allow any uncontrollable factors onto it. In the real world, there are many shades of gray, both in liabilities and culpabilities, and ultimately one may have to follow orders. If so, get them documented and signed....

Dave Druitt

--
CSO 
InfoSec Group 
703-626-6516 
-------------- Original message from "Sutton, Paul A." <SuttonP@aafes.com>: -------------- 
> You would not be able to manage that laptop. Who is going to perform 
> security updates on the OS and ensure their AV is and remains current? 
> What software are they bringing into your network? Unless you have a 
> guest network no computer that you cannot manage should not be allowed 
> on your network. 
> 
> Paul Sutton 
> Network Data Security Analyst 
> IT-G IT Security Management 
> 214-312-6376 
> 
> 
> -----Original Message----- 
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] 
> On Behalf Of Albert R. Campa 
> Sent: Monday, December 03, 2007 1:14 PM 
> To: pen-test@securityfocus.com 
> Subject: Scanning a system with HIPS installed? 
> 
> As far as allowing visitor laptops on your network, when you scan a 
> laptop you would disable any HIPS/Firewall system that is installed so 
> as to perform a full scan. 
> 
> Is there a major reason to not allow a laptop on the network if you 
> could not disable the HIPS (because of admin rights) and just scanned 
> it with HIPS running? 
> 
> thx 
> 
> ------------------------------------------------------------------------ 
> This list is sponsored by: Cenzic 
> 
> Need to secure your web apps NOW? 
> Cenzic finds more, "real" vulnerabilities fast. 
> Click to try it, buy it or download a solution FREE today! 
> 
> http://www.cenzic.com/downloads 
> ------------------------------------------------------------------------ 
> 
> 


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:14 EDT