Re: Workstation security question

From: Tod Beardsley (todb@planb-security.net)
Date: 06/05/02


Date: Wed, 5 Jun 2002 08:38:24 -0700
From: Tod Beardsley <todb@planb-security.net>
To: jradtke@admin1.umaryland.edu, focus-ms@securityfocus.com

jradtke@admin1.umaryland.edu (Tuesday, June 04, 2002, 6:00 AM) wrote:

> Should we be concerned enough about someone hacking into the workstations
> and then tapping into our servers to put software-based firewalls at each
> workstation?

Heya Jason. In addition to the network worm threat, here's a couple
more things to consider:

Traditionally, it's not that hard for a locally logged-on user with
direct physical access to the hardware to increase his local
credentials to that of local administrator -- especially if nobody's
watching him closely as he's sitting at the terminal.

Once he's at a 0wned machine, the attacker is free to target other
machines at will.

Also, I would expect that a university setting would engender a more
aggressive local attacker than you would typically encounter in an
otherwise similar corporate environment, which would further justify
stronger host-based defenses.

-- 
Tod Beardsley (GCIA, MCSE)
"It's okay to yell fire in a crowded theater if
the theater is actually on fire."