Re: Article: Windows XP Wide Open Using Windows 2000 CD-ROM

From: Thomas Kristensen (tk@SECUNIA.COM)
Date: 02/20/03

    Date:         Thu, 20 Feb 2003 16:31:29 +0100
    From: Thomas Kristensen <tk@SECUNIA.COM>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    PCs and password security equals no security!

    In the last few days various Danish IT news sites, IT security companies
    and now Donovan Bernauer on NTbugtraq, have reported an apparent
    security vulnerability in Windows XP. It has been described how a
    Windows 2000 recovery CD can be used to reset passwords on Windows XP
    machines.

    In my opinion this is, however, based on a misunderstanding of security
    concepts. There is no operating system today which, in a standard
    installation, offers protection against the use of boot discs,
    installation/recovery CDs, or users who remove the hard drive and
    place it in another physical machine.

    There exists only one kind of protection against this kind of
    “vulnerability”: encrypting the contents of your hard drive. A
    number of different solutions exist; one is SafeGuard Easy for Windows,
    others are CFS and TCFS for Linux, but many other solutions are
    available too.

    It is important, when you install PC systems, to consider just how
    secure the system should be. Below we have described a few “security
    levels”:

    Low security: Systems without a BIOS password. Users are allowed to boot
    from floppy disks and CDs. The operating systems could be DOS, Windows
    95 or Windows 98, where bypass of security is trivial.

    Limited security: BIOS setup password. It should not be possible to boot
    from floppy disks and CDs without the BIOS password. The operating
    system should be one that offers protective measures such as Windows NT,
    Windows 2000, Windows XP and Linux. The operating system must be
    configured so that it doesn't allow users without the admin password to
    boot into “safe mode” or “single user mode”.
    This ensures that nobody can gain access to the system without
    physically opening the chassis, resetting the BIOS or placing the hard
    drive in another machine.
    This level of security is the easiest and cheapest to implement. For
    most companies this is sufficient, except for portable PCs.

    Increased security: The security can be improved further by bolting the
    PC system to non-movable objects, placing locks and alarms on the
    chassis. Further improvements could be biometric access control to the
    offices, video surveillance and so on.

    High security: This requires at least implementation of “limited
    security”, as well as some means of encryption of the entire content of
    the hard drives. This can be improved further with “increased security”.

    The only way to protect a portable PC is to encrypt the contents of the
    hard drive. If it has not been encrypted, the hard drive can be placed in
    another portable and the data are easily accessible.

    In other words, Microsoft's steps to protect the system by not providing
    a boot and recovery solution are completely pointless.
    If malicious people are willing to gain physical access to your PC,
    there is only one effective countermeasure – encryption – all other
    countermeasures are merely a nuisance that may be circumvented in
    seconds.

    But even encryption can be bypassed, if a malicious person installed a
    hardware key logger on the keyboard wire:
    http://www.keyghost.com/

    The conclusion is that what some claim to be a vulnerability is, in
    reality, a fundamental and very well known and documented design
    problem in modern PC systems.

    -- 
    Kind regards,
    Thomas Kristensen
    CTO
    Secunia Scandinavia
    Toldbodgade 37B
    1253 Copenhagen
    Denmark
    Tlf.: +45 7020 5144
    Fax:  +45 7020 5145
    www.secunia.com