RE: Tightening up security for quarantine script
From: Watson, Michael (watsonmj_at_wharton.upenn.edu)
Date: 02/06/04
- Previous message: Pierre Dufresne: "Re: Tightening up security for quarantine script"
- Maybe in reply to: Pierre Dufresne: "Tightening up security for quarantine script"
- Next in thread: BOWSER, DAVID: "RE: Tightening up security for quarantine script"
Date: Fri, 6 Feb 2004 11:18:58 -0500
To: "Pierre Dufresne" <pierre.dufresne@messf.gouv.qc.ca>, <focus-ms@securityfocus.com>
Hi, we use the quarantine functionality and have deployed it to a large
number of users (a couple thousand). It worked fairly well; however, we
ran into the same problem that you did, as well as another problem of
deploying new scripts every time an update is done.

We came up with a solution of writing our own client. We compiled an
executable that sent the same string the RQC data does. In addition to
protecting the client, we were able to set up a server that the machine
connects to in order to download new patch information (when I say
download I mean have a live read via an HTTP connection). This has
proven to work very well.

I am including the string of code I used (it is in VB). It is a pretty
simple VB statement which can be translated to whatever language you
would like.

The only drawback that we have found is the requirement for some type of
language interpreter on the machine (in our case the .NET Framework). If
you wrote it in C it probably won't be an issue (but it would take a lot
longer! :) ).

I hope this helps some; feel free to email me if you have questions or
want to know other information.

' Append DOMAIN\USERNAME, the script version and a terminating NUL character.
strRQCString = strRQCString + "DOMAIN NAME" + "\" + "USERNAME" + ":" + _
    Trim(ScriptVer) + Chr(0)
' Prefix the result with "00", the string's length and a colon.
strRQCString = "00" + CStr(strRQCString.Length) + ":" + strRQCString

Mike
-----Original Message-----
From: Pierre Dufresne [mailto:pierre.dufresne@messf.gouv.qc.ca]
Sent: Thursday, February 05, 2004 10:05 AM
To: focus-ms@securityfocus.com
Subject: Tightening up security for quarantine script
Hi everybody,

When you use the quarantine functionality of Windows 2003, you need to
write and then distribute a script on the computers of the users that
are going to connect through a VPN.

This script is supposed to do some validations and then end with the
execution of a small utility called RQC.exe that sends an OK return code
to the VPN server.

In our environment, most of the users are local admins of their laptops
and are in a position to modify the script, thus bypassing the
validation process.

Has anybody been using this quarantine feature and given some thought
to how to protect the script?

Any comment would be appreciated.

Thanks