
| Subject: | RE: IDS and Spywares |
|---|---|
| Date: | Mon, 17 Oct 2005 13:52:35 +0100 |

Hi Justin,

-----Original Message-----
From: Justin Shore [mailto:justin.shore@sktbcs.com]
Sent: Monday, October 17, 2005 4:55 AM
To: Matt Jonkman; Omar A. Herrera
Cc: focus-ids@securityfocus.com; vipul kumra; dhruv_ymca@yahoo.com; neelabhsharma1@gmail.com
Subject: RE: IDS and Spywares

There is an extremely easy solution to this problem. Remove local administrative rights from users' PCs. There is absolutely no reason whatsoever for a user in a corporate environment to have local admin rights if they aren't actually a sysadm. In a home environment there is absolutely no reason for a user to be a local admin all the time. Remove this capability for the residential-grade OSs and make users utilize the Run As feature of XP and 2000. Better yet make this process automatic like in OS X. There is no reason in this day and age for users to need constant local admin access, if they need local admin access, period.

I totally agree with you, and I use privilege restrictions a lot (O.S.-based privilege restrictions, that is). But usually the rights of common users (enforced by the O.S.) are enough to create some harm. That is, we don't just want to restrict their privileges but also make sure they don't shoot themselves in the foot by abusing those privileges.

A common example: some users are able to navigate on the web. From a FW/nIDS/nIPS point of view those users might just need ports TCP 80 and 443 open for outbound communication, but from an O.S. point of view you can only put very general restrictions (i.e. if they are able or not to open sockets for network communication). Malware can easily work in this restricted environment, so you need something else.

A PFW that restricts outbound connections to certain applications or hIPS that is able to stop any unauthorized software are examples of how you can extend the security provided by O.S. privilege restrictions. Host-based IDS are also able to detect execution of unauthorized software.

Kind regards,

Omar Herrera
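
The gap described in the reply above, as an added example that is not part of the original message: the same outbound connections are judged once by port alone (the FW/nIDS view) and once by a per-application policy (the PFW/hIPS view). The log format, program names and policy table are constructed assumptions.

```python
import ntpath  # parses Windows-style paths on any platform

# Network-level view from the message: web users need outbound TCP 80 and 443.
ALLOWED_PORTS = {80, 443}

# Hypothetical per-application policy a personal firewall could enforce.
# Keyed on program name for brevity (an assumption of this sketch).
APP_POLICY = {
    "iexplore.exe": {80, 443},
    "firefox.exe": {80, 443},
}

# Constructed host connection records: time|user|program path|destination|port
SAMPLE_LOG = r"""
2005-10-17T09:01:12|alice|C:\Program Files\Internet Explorer\iexplore.exe|192.0.2.10|80
2005-10-17T09:01:40|alice|C:\Documents and Settings\alice\Local Settings\Temp\updater.exe|198.51.100.7|80
2005-10-17T09:02:03|bob|C:\Program Files\Mozilla Firefox\firefox.exe|192.0.2.44|443
2005-10-17T09:02:30|bob|C:\Program Files\Mozilla Firefox\firefox.exe|203.0.113.5|6667
"""


def parse(log):
    """Yield one dict per connection record."""
    for line in log.strip().splitlines():
        ts, user, path, dst, port = line.split("|")
        yield {"ts": ts, "user": user, "dst": dst, "port": int(port),
               "program": ntpath.basename(path).lower()}


def audit(log):
    """Return connections the application policy rejects, noting whether
    a port-only filter would have let each one through."""
    findings = []
    for rec in parse(log):
        app_ok = rec["port"] in APP_POLICY.get(rec["program"], set())
        if app_ok:
            continue
        port_view = ("passes port filter" if rec["port"] in ALLOWED_PORTS
                     else "blocked by port filter")
        findings.append((rec["ts"], rec["program"], rec["port"], port_view))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The `updater.exe` record is the case from the message: it uses an allowed port, so only the host-side policy sees that the program itself is not authorized.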