Tightening up security for quarantine script

From: Pierre Dufresne (pierre.dufresne_at_messf.gouv.qc.ca)
Date: 02/05/04

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #174"
    Date: 5 Feb 2004 15:05:21 -0000
    To: focus-ms@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    Hi everybody,

    When you use the quarantine functionnality of Windows 2003, you need to write and then distribute a script on the computers of the users that are going to connect through a VPN.

    This script is supposed to do some validations and then end with the execution of a small utility called RQC.exe that sends an OK return code to the VPN server.

    In our environment, most of the users are local admin of their laptop and are in a position to modify the script, thus bypassing the validation process.

    Has anybody been using this quarantine feature and given some thoughts on how to protect the script?

    Any comment would be appreciated.

    Thanks

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #174"

    Relevant Pages

    • Re: ipfw and Corporate VPN
      ... I can manually add the rules just fine, but the script for some ... > private network to connect to the corporate VPN server. ... > The port number I think I can figure out, ... > a rule with the proper syntax for for a protocol? ...
      (comp.unix.bsd.freebsd.misc)
    • VPN Mapped Drive Disconnects?
      ... The VPN server is W2k and ... the vpn client is WinXP. ... I have a script that runs in a profile from CMAK ... The drive will disconnect after a period of time. ...
      (microsoft.public.win2000.ras_routing)
    • Re: sshd error on 5.4
      ... > I upgraded sshd on the 5.4 (VPN server) and made ... If you modified the rc.d script, ... and sockstat will both show it. ...
      (freebsd-questions)