RE: Tightening up security for quarantine script

From: Sarbjit Singh Gill (ssgill_at_gilltechnologies.com)
Date: 02/05/04

    To: "'Pierre Dufresne'" <pierre.dufresne@messf.gouv.qc.ca>, <focus-ms@securityfocus.com>
    Date: Fri, 6 Feb 2004 06:30:37 +0800
    
    

    True, a person with enough rights can bypass the script on the client or
    even manipulate it in such a way that the script receiver thinks the client
    PC is OK, and therefore allows the client into the internal network.

    You have two issues here.
    1. Clients having admin rights on the PC. They should not!
    2. The Windows 2003 quarantine service is for trusted users/PCs. It is not to
    keep out hackers. Hence, the person on the quarantined PC is somebody you
    already trust. In quarantine, you merely want to make sure the PC coming
    into the network is CLEAN! (latest patches, virus signature updates, etc.)

    Kind Regards
    Gill

    -----Original Message-----
    From: Pierre Dufresne [mailto:pierre.dufresne@messf.gouv.qc.ca]
    Sent: Thursday, February 05, 2004 11:05 PM
    To: focus-ms@securityfocus.com
    Subject: Tightening up security for quarantine script

    Hi everybody,

    When you use the quarantine functionality of Windows 2003, you need to
    write and then distribute a script on the computers of the users that are
    going to connect through a VPN.

    This script is supposed to do some validations and then end with the
    execution of a small utility called RQC.exe that sends an OK return code to
    the VPN server.

    In our environment, most of the users are local admin of their laptop and
    are in a position to modify the script, thus bypassing the validation
    process.

    Has anybody been using this quarantine feature and given some thought to
    how to protect the script?

    Any comment would be appreciated.

    Thanks
