[unisog] Remote Access Problem

Weber, Don Don.Weber at tamucc.edu
Fri Feb 23 17:33:06 GMT 2007


You are speaking of physical security here.  Yes, the hard drives can be
stolen but, then again, how about the whole system.  Can it be
physically removed from the location?  Are the systems in locked racks?
Are the racks bolted to the floor?  

There are ways to encrypt the hard drive and relate that to a dongle.  I
am not familiar with these but I have heard about them.  But if the
whole system is stolen then the dongle goes with the machine.

There might be a way to require network connectivity for authentication
but I am not sure off the top of my head.  

Of course, as I am thinking about this you may have other problems.  Is
your concern theft of intellectual property?  Have the media devices
been disabled (CD/DVD-R, Floppy, USB, Firewire)?  Do the developers have
email access that allows them to email files?  What about printing?  So,
maybe all of these activities produce an audit trail.  Well, what about
a digital camera taking pictures of the information displayed on the
screen?

You may want to go over your risk assessment again.  Look at the threats
and vulnerabilities then correlate that with the likelihood and impact.
After that you should reconsider your countermeasures.  Are they
sufficient for this situation?  You may end up pulling this development
environment back to a more controllable area, you may decide that you
are willing to accept some of these risks, or, most likely, you will
find a happy medium with the additional information.  Be sure to include
the manager from the development team so that he can provide input as
well.

I would also think about the people you have contracted with for
development.  Have they signed non-disclosure agreements?  Have their
employees undergone a background investigation?  Has their team been
given any security training?

I know I haven't given you a specific answer but I hope that this will
help you to identify the root cause.

Good luck,
Don

--
--------------------------
Take Care,
Don C. Weber
IT Security Manager - Texas A&M-Corpus Christi
CISSP, GSNA-Gold, GCUX-Silver, GSEC-Gold, GAWN-C

#########################################
Office: 361.825.2124  Cell: 214.394.8112
Pager:  361.224.0896  Fax:  361.825.5882
Email:  don.weber at tamucc.edu
                  
6300 Ocean Drive, Unit 5890
Corpus Christi, TX 78412-5890
#########################################


-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of avi shvartz
Sent: Friday, February 23, 2007 10:40 AM
To: Unisog
Subject: [unisog] Remote Access Problem

Hello list,

 

 We have a sub-contractor that develops software in his own lab, not in
our campus.

 However, the computers in his lab are controlled by us, connected to
our Active Directory, and 
   the developers are logging using smart card windows authentication.

 

The security people raised a concern that a developer can copy the disk
image and log on
  using his smart card from a different computer, outside the lab.

 

Is there a way to overcome this issue ? example: tight the system to
some physical attribute of the compute ?

 

We do take care of regular application level backup so we are willing to
"pay the price" and reinstall the 
   operating system etc. in case that the hardware will fail.

 

Regards,

Avi

 




More information about the unisog mailing list