[unisog] Pen testers after my own heart...

Gary Flynn flynngn at jmu.edu
Tue Jun 13 12:36:06 GMT 2006


Jim Dillon wrote:

> The reason this concerns me a little is that I think we will all be
> forced to something two-factor in the next few years due to our
> inability to prevent spyware from infiltrating our systems.  Recent
> scans we've done with the assistance of Webroot left me with the
> distinct conclusion that I couldn't trust 6% of the boxes tested to not
> be fully compromised, including password, as they showed either
> key-loggers, rootkits, or active Trojans.  Another 80% are suspect but
> not proven to be compromised.  How high will that percentage have to go
> before two factor authN is a necessity? 
> 
> Still seeking some semi-panacea for our end-user workstation security
> woes.  I think it will ultimately be a hard-drive with an encrypting H/W
> front end that stores its key on a security device (probably USB) so
> that you have true two-factor control, real-time full device encryption,
> and little risk of the device itself being compromised w/o the key and
> its code!

The problem with that is that a person will come into the office
in the morning, plug the USB key in ( assuming they unplugged it
at night ), and leave it there all day. If the workstation is
compromised, I'm not sure the USB key ( or smartcard, or PKI, or
biometrics ) will buy much in the long run other than to deter
script kiddies. The main value of two factor is to prevent logins
from elsewhere which certainly cuts down the attack space.

-- 
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security