Re: Remotely manage Zone Alarm

• Previous message: Marco Obaid: "RE: Windows XP Pro cracker?"
• In reply to: Cesar Diaz: "Remotely manage Zone Alarm"
• Next in thread: Birl: "Re: Remotely manage Zone Alarm"
• Reply: Birl: "Re: Remotely manage Zone Alarm"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Cesar Diaz" <cesadiz@yahoo.com>, <security-basics@securityfocus.com>
Date: Fri, 5 Sep 2003 07:50:22 +1000

> ----- Original Message -----
> From: Cesar Diaz
> To: security-basics@securityfocus.com
> Sent: Thursday, September 04, 2003 11:36 PM
> Subject: Remotely manage Zone Alarm

> We have a user that works remotely. Since he works outside our
> firewall he has Zone Alarm Pro on his machine.

<SNIP>
 
> Is there a way to centrally manage Zone Alarm settings or is this user
> completely shielded while inside our network?
 
ZA Pro is far from being inpenetrable. You only have to look on other securityfocus list archives to see what I mean. There are 3 things I can immediately think of that may help and not be too nasty for you:

1) If the user isnt all that aware and just HAPPENS to run ZA Pro, tell him there is a need to make sure something is correct each time as you are not getting something or other on your network correctly. Even fake an incident where real work he is supposed to do remotely wasnt actually done to "prove" it. If you can convince him, put a program of your choice that does the same sort of thing PC Anywhere does and make sure his ZA Pro allows PC Anywhere (or the prog of your choice like it) full access on his machine before you give it back. You can remotely allow anything you want with that sort of access. You might even just tell his ZA Pro to allow FULL access from a certain IP number you control to do anything and then make sure his machine allows that sort of access as a WIN98 machine would for example. He wouldnt have a clue about anyone monitoring him then.

2) Check out Full Disclosure and other lists here at SecurityFocus. There are floods you can send at ZA Pro that stops it working. Then you can get in.

3) Just install something that watches everything he does and reports it back to you but to be honest, you would be better shoring up access your end. You might consider thanking him for pointing out holes in YOUR network!

Greg.

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

• Previous message: Marco Obaid: "RE: Windows XP Pro cracker?"
• In reply to: Cesar Diaz: "Remotely manage Zone Alarm"
• Next in thread: Birl: "Re: Remotely manage Zone Alarm"
• Reply: Birl: "Re: Remotely manage Zone Alarm"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]