Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: MS binary integrity baseline

from [Miroslaw Slawek Chorazy] Network Security [Permanent Link]
Subject: RE: MS binary integrity baseline
Date: Fri, 20 Aug 2004 11:06:24 -0500 
Chris,

what you are trying to accomplish I think falls within the scope of
"Software Restriction Policies"
this is a technology which will enable you to define rules to restrict
or enable execution of programs (not just .exe)
depending on Hashes, Certificates, Paths, Internet zones.

the technology can be implemented on per-user or per-machine basis
its really cool if you have an AD in place.

You can read more about it SM Knowledge Base Article 324036

Slawek



"Simon Conant" <sconant@microsoft.com> 8/20/2004 04:34 >>>

http://support.microsoft.com/default.aspx?scid=kb;en-us;841290 

-----Original Message-----
From: Sam Baskinger [mailto:sam@reefedge.com] 
Sent: Thursday, August 19, 2004 8:29 AM
To: Chris Conacher
Cc: focus-ms@securityfocus.com 
Subject: Re: MS binary integrity baseline

Hi Chris,

It's good practice to keep an up-to-date list of file hashes for any
system you deploy.  Before you deploy the system and after each
upgrade
you verify the hashes and take new ones if necessary.

I acctually finished writing a script in python which does this on
Linux
and Win systems.  If any are interested I'll happily post it to the
list
(160 lines in length) with the standard "USE AT YOUR OWN RISK"
disclaimer.

Currently I'm using the script to keep a closer eye on my testing
machines (The Win boxes) and I've deployed it on my laptop (the Linux
machine).

Again, this isn't hard at *all* and it is something you can EASILY
re-program for your shop and put in a scheduled task. Python also
gives
you some flexability in reporting etc etc etc.

Sam

Chris Conacher wrote:


Dear List

Is there anything that performs binary integrity checks for Windows

OS


such as  rpm does for Redhat or apt does for Debian?

I want something that will check Windows binaries against a trusted 
source - MS site, install cd, etc so that I can determine integrity 
baselines of current production systems before deploying an integrity



checking application.

I would have thought that this would be something Microsoft would 
provide, but have not seen anything.

Thanks for any input

Chris

_________________________________________________________________
Express yourself with cool new emoticons 
http://www.msn.co.uk/specials/myemo 




----------------------------------------------------------------------

-----



----------------------------------------------------------------------

-----





------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: MS binary integrity baseline, dave kleiman
Next by Date:  RE: COM+ with ASP web site on W2K3, Pawel . Janowski
Previous by Thread:  RE: MS binary integrity baseline, dave kleiman
Next by Thread:  SecurityFocus Microsoft Newsletter #202, Marc Fossi
Indexes:  [Date] [Thread] [Top] [All Lists]