[unisog] Remote Access Problem

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Feb 23 19:27:32 GMT 2007

On Fri, 23 Feb 2007 18:40:19 +0200, avi shvartz said:
> The security people raised a concern that a developer can copy the disk image and log on
>   using his smart card from a different computer, outside the lab.

And I totally missed this point the first time around:

So the Bad Guy Developer clones the disk, takes it home, puts the clone on
a machine there, and boots it.  What does he get?

An image of a computer controlled by *your* AD, and hardened the way you want it.
In other words, he's got the *exact same thing* he'd have while sitting in
the development lap.  So your actual threat model still looks almost the same.

The only difference is that if he's breaking the system in the lab, he has
to answer potentially embarassing questions about why he's breaking the lab
system.  If he takes it home, he can avoid those questions, but *does* have to
worry about being asked why he's cloning the disk in the lab.

And a skilled attacker should be able to (given physical access) take the box
down, backdoor it, and leave in under 5 minutes.  He probably can't clone the
disk for travel home in 5 minutes.

Personally, I'd be *more* worried about the fact that you can't control
what he does to the system during a 5-minute hacking run against the box in
the lab....

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/unisog/attachments/20070223/c895dfca/attachment-0001.bin 

More information about the unisog mailing list