Re[2]: Windows 2003 Server - MS Rulez?

From: Street (streetseeker_at_mail.ru)
Date: 05/26/03

  • Next message: Laura A. Robinson: "RE: Windows 2003 Server - MS Rulez?"
    Date: Mon, 26 May 2003 12:14:27 +0400
    To: "Laura A. Robinson" <larobins@bellatlantic.net>
    
    

    Hello Laura,

    Saturday, May 24, 2003, 2:34:48 AM, you wrote:

    LAR> Hash restrictions are only one of four new methods for restricting software.
    LAR> You can restrict by path (usually you would actually be *un*restricting by
    LAR> path when your default policy is a disallow), you can restrict by Internet
    LAR> zone, you can restrict by hash, and you can restrict by code signing.
    LAR> There's quite a bit more to it than I've listed here, but you may want to
    LAR> start here:

    LAR> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
    LAR> ol/winxppro/maintain/RstrPlcy.asp

    LAR> And as far as whether or not there is a way around the hash, absolutely
    LAR> there is. Bring another version of the software to the machine. Its hash
    LAR> will be different. That's why hash rules would be better for *allowing*
    LAR> software under a disallow by default policy as opposed to *disallowing*
    LAR> under an allow by default policy.

    LAR> Laura

    >> -----Original Message-----
    >> From: Street [mailto:streetseeker@mail.ru]
    >> Sent: Friday, May 23, 2003 6:02 PM
    >> To: focus-ms@securityfocus.com
    >> Subject: Windows 2003 Server - MS Rulez?
    >>
    >>
    >> Hello list. Today I have attended to official presentation of
    >> Microsoft Windows 2003 Server. And the representatives of
    >> Microsoft gave to my organisation an evaluation version of
    >> 2003 Server. That thing looks very secure, i.e. known methods
    >> of attack did not gave a damn thing. Also I learned an
    >> interesting feature - prohibition of launch of any program is
    >> not made by its exe name - it makes a hash from the body of
    >> program and politics are applied using this hash. I wonder
    >> whether this method is secure and if there are any ways to defeat it.
    >>
    >> Any thoughts? Thank you in advance.
    >>
    >> --
    >> Best regards,
    >> Street mailto:streetseeker@mail.ru
    >>
    >>
    >> --------------------------------------------------------------
    >> ---------------
    >> *** Wireless LAN Policies for Security & Management - NEW
    >> White Paper *** Just like wired networks, wireless LANs
    >> require network security policies that are enforced to
    >> protect WLANs from known vulnerabilities and threats.
    >> Learn to design, implement and enforce WLAN security policies
    >> to lockdown enterprise WLANs.
    >>
    >> To get your FREE white paper visit us at:
    >> http://www.securityfocus.com/AirDefense-focus-ms
    >> --------------------------------------------------------------
    >> ----------------
    >>

    LAR> -----------------------------------------------------------------------------
    LAR> *** Wireless LAN Policies for Security & Management - NEW White Paper ***
    LAR> Just like wired networks, wireless LANs require network security policies
    LAR> that are enforced to protect WLANs from known vulnerabilities and threats.
    LAR> Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

    LAR> To get your FREE white paper visit us at:
    LAR> http://www.securityfocus.com/AirDefense-focus-ms
    LAR> ------------------------------------------------------------------------------

    I've found that if the program will be compressed by some exe
    compressor like PECompact, it will run through discussed politics.
    I think that if we will add some non-used bits to the end of program,
    it will penetrate too. Can you confirm it?

    -- 
    Best regards,
     Street                            mailto:streetseeker@mail.ru
    -----------------------------------------------------------------------------
    *** Wireless LAN Policies for Security & Management - NEW White Paper ***
    Just like wired networks, wireless LANs require network security policies
    that are enforced to protect WLANs from known vulnerabilities and threats. 
    Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.
    To get your FREE white paper visit us at: 
    http://www.securityfocus.com/AirDefense-focus-ms
    ------------------------------------------------------------------------------
    

  • Next message: Laura A. Robinson: "RE: Windows 2003 Server - MS Rulez?"