[Dshield] He thinks he is bulletproof, is he?

Tom Geairn tgeairn at newviewconsulting.com
Fri Dec 5 15:38:24 GMT 2003



What about physical security?  Can I walk in and access his computer
without even basic username/password protection?  How is the data stored
on his system?  Secure? Encrypted? Even rudimentary auditing?  I'm
guessing none of these.  Can I pull his FAT formatted hard drive, copy
everything off, and access it all without even the difficulty of ACL
type protection?

What about 'net encryption on the LAN?  My "high security" clients use
IPsec between clients and the print servers to avoid packet inspection
of print jobs...  Does he have a DOS print redirector that supports
this?

Is there any type of security for the proprietary information contained
in the emails or is this user adding yet another opportunity to capture
the text en route?  I read your/his comments regarding using SSH to
access Pine for mail, but what security exists on the *nix system where
the mail is stored?

Let's face it- even if his system were 100% immune regarding malware
(which it is not, given that DOS was and is not), by not
accessing/storing/using the proprietary information in a standardized
way that IT can predict and secure, this user is compromising the
security of the information.

Lastly, I've noted the comments of several others saying that this user
is a good candidate for Linux.  Why?  What does that add to the picture?
Even if Linux were as static in its development as DOS is now, there
would still be a period of several years where new holes and exploits
would be discovered.  Add to that the fact that other users of this
information are using Windows and now you are forcing IT to manage
security for multiple platforms again (and (g)od knows they have a full
time job just keeping one platform secure!).

-Tom Geairn
NewView Consulting, LLC



---------------------
>>
I suspect he is very vulnerable to something, but lack enough root
knowledge of TCP/IP and DOS to speak with certainty.  I agree he is safer
than many, even safer than some with firewalls and AV software in that most
virus writers these days don't seem to be expecting a DOS based machine,
but I suspect he isn't as malware proof as he thinks.  He on the other hand
believes he is completely bullet proof to all forms of malware and
probe/infection attempts.  I'd like a second opinion.




