Re: [fw-wiz] Assessment Of GoToMyPC vs. Network Security



If you are allowing employees to add new WLANs, then why worry about
GoToMyPC? You've got much bigger problems.

Check out Simple Nomad's talk (ppt and movie included) about hacking
WiFi clients.
http://www.shmoocon.org/speakers.html#simple

Your firewall isn't going to do a thing to stop you from being
compromised. Attacking the wireless clients is enough. Desktop
firewalls can help, but MiTM attacks can still be quite successful.

Also, I'd suggest telling your Windows folks that there are very few
apps that require Administrator access. If all the app needs to do is
write a few registry keys or files, use the free tools from
sysinternals.com to profile its behavior and then change the ACLs
(perhaps through a group policy). Running as power user doesn't help,
as a power user is just someone who hasn't made themselves a full
administrator yet.

It sounds like you need to explain the idea that a firewall is not all
that makes up a secure network to your upper management.

- Chris

On 4/7/06, Jim Seymour <jseymour@xxxxxxxxxxx> wrote:

"Paul D. Robertson" <paul@xxxxxxxxxxxx> wrote:

You can control what software an employee can install, that's getting
easier/better in a Windows environment.
[snip]

Nice in theory. Doesn't appear to work in practice. We have, for
example, employees that must be able to add new WLANs when they're on
the road. Lack of "Administrator" access apparently precludes this.
Ran into another one today. Volo View (an AutoCAD viewer application)
insists on trying to modify the system registry. So if the end-user
doesn't have "Admin," or at least "Power User," rights: No go. The
list goes on and on. Suffice it to say, we tried, we really, really
tried (and we're still trying) to limit end-user access as much as
possible. But success has proven elusive. (Note: I'm not the 'doze
guru. I'm going by what little I know and what those who are supposed
to know tell me.)
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • More Democrat Fraud: NBC
    ... Officials Got Improper Bonuses ... city administrator and senior officials in the Office of the Mayor," ... Employees received a total of $525,846 in bonuses that were not submitted, ...
    (rec.music.artists.springsteen)
  • Re: Republican dictatorship starts with the schools in Wisconsin
    ... The School District of Maple in Northern Wisconsin has dictated terms ... local employees and unless Wisconsin law specifies all of these issues ... The newly appointed administrator is a well known ... is clear that some local officials are eager to use the impending laws ...
    (alt.politics)
  • Re: How to secure the Administrator account?
    ... >>Administrator Account: We regularly rename and place strong passwords ... >>company and never to the normal "administrator" of the network. ... > 1) As you pointed out, your employees have to have system authority ...
    (microsoft.public.win2000.security)
  • Re: pcAnywhere...Outbound Only.
    ... >to connect to a host OUTSIDE of our network. ... Our firewall administrator, came to me and asks me if I had any ... >list of employees that can do this. ...
    (Security-Basics)
  • Re: Design problem and suggestions...
    ... I suspect that the reason for considering that all those roles mentioned as ... >> administrator also be a doctor, and another administrator also be a ... > between Employees and Customers i.e. what percentage of patients are ... > the physical sense but perhaps not in the data model. ...
    (microsoft.public.access.tablesdbdesign)