[Wolves] Consultancy work thingie for union office.
Old Dan
dan at dannyboy.dnsalias.org
Thu Jan 8 12:16:07 GMT 2004
Aquarius wrote:
> Old Dan spoo'd forth:
>
>>>If management have 0wned their machines then having an external site
>>>won't help, because management could install keyboard trackers and
>>>whatnot that record passwords that are entered...
>>
>>I know - I could sniff for that kind of activity before we started
>>though couldn't I?
>
> Not easily. If the machines have already been 0wned you can't guarantee
> that your sniffers aren't being circumvented. r00tkits tend to hide
> themselves.
True, but I'd be using my Debian laptop connected to the network,
running ethereal or somesuch. I'm sure I could make it work... :)
>>Also I could install a firewall between them and the
>>rest of the network which only allows certain ports and then only allows
>>established/related connections - of course that won't work if the
>>clandestine software is installed on the union machines. I'm beginning
>>to think that they should terminate the support contract with management
>>and just go with another company (Dan Enterprises? :) ) but that means
>>that they won't have access to the council network which I think they
>>need for something. (I'm not sure what - I'll know on saturday when I
>>see them)
>
> Thought: USB dongles with a key on them or something? I mean,
> management could have a network sniffer running on the boxes, but at
> least that'd stop keyboard sniffers, 'cos you wouldn't type in a key.
If they're using the kind of spy software I think they are(Desktop
Scout) they'd still be able to copy the files across when you're
actually using the machine.
> This is clearly a fizzy and bambam question. Where are you guys?
>
> What's a reasonable level of paranoia in this case? Does everything
> they do on the machines need to be secure? If not, then give them one
> PC which is secure?
That's a possibility - one PC which is not connected to anything which
is not covered by the council support contract and which is hard as nails
when it comes to security. I could support it on an ad-hoc basis.
I just don't like that idea though. :)
--
Dan
More information about the Wolves
mailing list