Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Boot floppy

from [Anders Thulin] Network Security [Permanent Link]
Subject: Re: Boot floppy
Date: Wed, 11 Apr 2007 08:52:58 +0200 
Mifa wrote:

We have a user who takes a company  computer home with them (no its not a lap 
top).  We have a good reason
to need to look at their files.  However, we want to do so without that 
employ knowing.  They seem to know
something about security becasue auto runs is disabled and the workstation is 
always locked with a third
party software.  INserting a U3 drive will not run a program either.  Are 
there any programs that will boot
from a floppy then copy a program to the c drive then wite an auto start 
entry into the registry?  This was
the only way I can think of to get the user to install a program..

Any other ideas how we maight gain access?  It has to be fast (bathroom 
breaks ect).  I dont have time to
load a live cd. Further, robooting would cause the user to loose work.


  I don't like the sound of this. You want to install software on a company 
computer, but are
afraid to tip the user off that you are doing so? And you don't want to reboot 
the system
in the process, and you only have short periods of time, such as bath-room 
breaks to your
disposal? And who exactly are 'we'?

  Get in touch with a good security consultant -- someone who can get the whole 
picture,
including the parts you're not discussing here. If there is a legitimate 
threat, it
need to be considered in toto.

  On the assumption that this is above the board: if you don't have time to do 
the job,
make it. Get the IT department to do a hardware upgrade, say, larger disks, for 
everyone
in his work group. Or get the user into a full-day meeting on very short 
notice. Or ask if
he wouldn't actually *prefer* a laptop, seeing how he's moving this computer to 
and from
work every day (something I find *rather* difficult to believe). Or use some 
similar
excuse to get sufficient hands-on time for a disk bitcopy to examine at your 
leisure.

  Apart from that, there is (or should be) an employer-employee relationship in 
place here:
use it. If you are afraid of tipping the user off, make sure you have 
identified the correct
threat: it may not be files on a disk, but the fact that you need to be 
tiptoeing around an
employee at all. In that case, it's not a problem to be solved by bootdisks.

-- 
Anders Thulin          anders.thulin@sentor.se          070-757 36 10

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Boot floppy, jasper . o . waale
Next by Date:  Re: Boot floppy, Zed Qyves
Previous by Thread:  Re: Boot floppy, berg
Next by Thread:  RE: Boot floppy, Marvin Simkin
Indexes:  [Date] [Thread] [Top] [All Lists]