
| Subject: | RE: SIM Tools, and endpoint security. |
|---|---|
| Date: | Wed, 25 May 2005 12:38:46 -0400 |
Windows File Protection does NOT verify the integrity of the file, only that the File Version field is correct. If it does not match, it then retrieves the file from the DLLCache directory, which is easily corrupted by a Trojan. Spyware/Trojans/Rootkits for Windows often actually use this to prevent removal. If one removes the spyware code, Windows File Protection conveniently restores it. Windows File Protection is useful against fumble fingers, but not against determined attackers.

-----Original Message-----
From: THolman@toplayer.com [mailto:THolman@toplayer.com]
Sent: Friday, May 20, 2005 5:55 PM
To: simonis@myself.com; THolman@toplayer.com; focus-ids@securityfocus.com
Subject: RE: SIM Tools, and endpoint security.

Hi Drew,

I'm referring to Windows File Protection - http://support.microsoft.com/kb/310747/EN-US/

This is configurable via Group Policy and offers 100% protection of system files on the intended target. Add to this Windows XP SP2, and you've got a pretty rock solid workstation base that is not open to infection (as the firewall doesn't allow anything in), and maintains integrity of system files (so malicious code can't take over the system).

There's quite a lot more to Microsoft's OS security that often gets overlooked, and many sysadmins are steered away from this with clever marcoms and end up buying 3rd party applications to fill the gap.

My point is, be 100% sure that what you've got cannot do what you want, before you go and buy something else! ;)

Regards,
Tim

-----Original Message-----
From: Drew Simonis [mailto:simonis@myself.com]
Sent: 20 May 2005 14:53
To: THolman@toplayer.com; focus-ids@securityfocus.com
Subject: RE: SIM Tools, and endpoint security.
> Don't discount the power of Microsoft Group Policy at a desktop level - they offer state of the art file integrity checking systems that are far more cost-effective and comprehensive than the 3rd party add-ons that proliferate the market.
Huh? I've not seen how Group Policy does "state of the art file integrity checking". Can you clarify?

-Ds
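As an added example that is not part of the thread: the point of the top reply is that a check keyed on the File Version field passes as long as that field matches, whatever bytes are actually in the file. The PowerShell script below (written for this page, assuming a current Windows host with PowerShell 5.1 or later; the directory, baseline file name and report tags are assumptions) baselines the top-level binaries in System32 by SHA-256 and Authenticode status, and on a later run reports any file whose version string is unchanged but whose hash is not, which is exactly the case a version-only comparison would miss.

```powershell
# Added example, not from the thread. Contrasts the check the thread says WFP
# performs (file version metadata only) with a cryptographic-hash plus
# Authenticode baseline. $Root, the baseline path and the tag names are assumptions.
[CmdletBinding()]
param(
    [string]$Root     = "$env:SystemRoot\System32",
    [string]$Baseline = "$env:TEMP\sys32-baseline.json",
    [switch]$Create
)

function Get-FileRecord {
    param([System.IO.FileInfo]$File)
    $sig = Get-AuthenticodeSignature -FilePath $File.FullName
    [pscustomobject]@{
        Path      = $File.FullName
        Version   = $File.VersionInfo.FileVersion            # the field a version-only check keys on
        Sha256    = (Get-FileHash -Path $File.FullName -Algorithm SHA256).Hash
        SigStatus = $sig.Status.ToString()                   # Valid, NotSigned, HashMismatch, ...
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# Top level of $Root only; recursing through all of System32 is slow and noisy.
$files = Get-ChildItem -Path (Join-Path $Root '*') -Include *.dll, *.exe, *.sys -File -ErrorAction SilentlyContinue

if ($Create) {
    $records = foreach ($f in $files) { Get-FileRecord $f }
    $records | ConvertTo-Json -Depth 3 | Set-Content -Path $Baseline -Encoding UTF8
    Write-Output "Baselined $($records.Count) files to $Baseline"
    return
}

$old = @{}
foreach ($r in (Get-Content -Path $Baseline -Raw | ConvertFrom-Json)) { $old[$r.Path] = $r }

foreach ($f in $files) {
    $now = Get-FileRecord $f
    $was = $old[$now.Path]
    if (-not $was) { Write-Output "ADDED     $($now.Path)"; continue }

    $versionSame = ($now.Version -eq $was.Version)
    $hashSame    = ($now.Sha256  -eq $was.Sha256)

    if ($versionSame -and -not $hashSame) {
        # The case the thread warns about: a version-only comparison passes,
        # but the bytes on disk are not the bytes that were baselined.
        Write-Output "TAMPERED  $($now.Path)  version unchanged ($($now.Version)), SHA-256 differs, signature: $($now.SigStatus)"
    } elseif (-not $hashSame) {
        Write-Output "CHANGED   $($now.Path)  $($was.Version) -> $($now.Version), signature: $($now.SigStatus)"
    } elseif ($now.SigStatus -ne 'Valid') {
        # Unchanged since baseline, but still not carrying a valid signature.
        Write-Output "UNSIGNED  $($now.Path)  $($now.SigStatus)"
    }
}

foreach ($p in $old.Keys) {
    if ($files.FullName -notcontains $p) { Write-Output "REMOVED   $p" }
}
```

Run it once with `-Create` from an elevated prompt to write the baseline, then again without the switch after patching or after a suspected compromise. Keep the baseline file somewhere the host itself cannot rewrite, otherwise an attacker who can replace a system binary can also replace the record of its hash. Most System32 binaries are catalog-signed rather than embedded-signed; `Get-AuthenticodeSignature` resolves catalog signatures on current Windows, but an older host may report them as `NotSigned`, so treat that status as a prompt to look, not as proof of tampering on its own.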