How does this differ from the effects of a home pc or laptop taken from work to home, and used to surf the net when not used in a vpn tunnel to the workplace? Same threat, yes?

Thanks,

Ron DuFresne

On Tue, 3 Jul 2001, Zow Terry Brugger wrote:

> > I have a feeling that there might be more subtle security issues
> > relating to hibernating a system in a trusted environment and awakening it
> > in an untrusted one, apart from user education issues, but can't put my
> > finger on any just now.
>
> The threat that immediately occurs to me is the reverse: having the laptop in
> an untrusted environment, then moving it to a trusted environment. Let's say
> the laptop gets cracked when it's on the untrusted net. Then the user moves
> the laptop to a trusted network where a background program wakes up and
> automatically cracks machines on the trusted network. I read about someone
> using their own laptop with such a program to do a red team assessment for a
> customer (I think it was on /. but I'm not sure). They put the program on the
> laptop (so they didn't crack their own box, but having the program introduced
> by a remote attacker is the next logical step) then they took the laptop into
> the customer site under the pretext of doing a presentation to a member of the
> technical staff. As soon as the red team member plugged into the local
> (trusted) network, the laptop started cracking servers, installing backdoors
> and punching holes in the firewall. The person claimed that during their 30
> minute presentation this automatic program pretty much took over the entire
> company's network.
>
> Returning to your original question, consider if the automated program didn't
> install any backdoors, it just grabbed the information the attackers wanted
> and stored that info on the laptop for retrieval once the laptop moved from
> the trusted to the untrusted network. Or even more straightforward, the user
> deliberately puts company proprietary information on the laptop when connected
> to the trusted company network and the laptop doesn't get compromised until
> it's moved to an untrusted (home perhaps?) network, whereupon the attackers
> compromise the laptop and grab the proprietary information.
>
> The only solution is defense in depth. The two best practices that occur to me
> in this case are to use network intrusion detectors even behind your firewalls
> and keep all your machines patched. While patching may be particularly
> problematic for laptops since they aren't always there, it's probably more
> important for them than it is for desktop systems just because of all the odd
> networks they may end up on. If you're more paranoid, consider keeping your
> laptops on a separate network or sanitize them when leaving or returning to a
> trusted network.
>
> My $.02,
> Terry
>
> #include <stddisclaimer.h>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

This archive was generated by hypermail 2b30 : Wed Jul 04 2001 - 17:18:05 PDT