pen-test

Re: Boot floppy

To: Mifa <mifa@stangercorp.com>
Subject: Re: Boot floppy
From: "Clint P. Garrison MBA, CISSP, QSA" <garrison.clint@gmail.com>
Date: Tue, 10 Apr 2007 22:28:18 -0500
Cc: pen-test@securityfocus.com
I have two recommendations:

1. The boot from CD option should be enabled/disabled in the BIOS.
Enable "boot from CD" and boot off of a Forensics Boot CD. I recommend
Helix. If the BIOS is password protected, go to 2...

2. Take the hard drive out and use the Forensics CD, or a Linux system
(dd), to make a copy of the disk from another system. Then analyze the
copy. Short of Full Disk encryption, that will circumvent the
third-party software.

Last...Why isn't this "employee" violating any policies? It sounds
like you should take a hard look at your Computer Security Policies...

Later,

Clint P. Garrison
MS, MBA, CISSP, QSA
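An added illustration of recommendation 2 (imaging the removed drive with dd and analyzing the copy), not code from this thread. It assumes GNU coreutils on the imaging host, writes a hash file beside the image, and fails if the copy does not hash the same as the source, so the analyst knows the copy is faithful before touching it.

```shell
#!/bin/sh
# Forensic acquisition of a block device (or, for testing, a plain file)
# with dd, plus hashes of source and image so the copy can be verified.
# Example written for this thread, not from the original post.
# Assumes GNU coreutils; falls back to shasum where sha256sum is absent.

hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# acquire_image SOURCE IMAGE
# Copies SOURCE to IMAGE, records both hashes in IMAGE.sha256, and
# returns non-zero if the image does not hash the same as the source.
acquire_image() {
    src="$1"; img="$2"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Never overwrite: an existing image may already be evidence.
    [ -e "$img" ] && { echo "refusing to overwrite $img" >&2; return 1; }
    # noerror: keep going past unreadable sectors; sync: zero-pad them so
    # offsets in the image still match the disk. bs=512 (one sector) keeps
    # the padding from also extending the image past the end of the source,
    # which a larger block size would do when the size is not a multiple.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null || return 1
    src_hash=$(hash_of "$src")
    img_hash=$(hash_of "$img")
    printf '%s  %s\n%s  %s\n' "$src_hash" "$src" "$img_hash" "$img" \
        > "$img.sha256"
    [ "$src_hash" = "$img_hash" ]
}
```

Run it against a device node (for example `acquire_image /dev/sdb /mnt/evidence/drive.img`) from a system that does not mount the source; a hash mismatch means unreadable sectors were padded and the analysis should note them.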



On 4/10/07, Mifa <mifa@stangercorp.com> wrote:
We have a user who takes a company computer home with them (no, it's not a
laptop). We have a good reason to need to look at their files. However, we want
to do so without that employee knowing. They seem to know something about
security because autorun is disabled and the workstation is always locked
with third-party software. Inserting a U3 drive will not run a program
either. Are there any programs that will boot from a floppy, then copy a
program to the C drive, then write an auto-start entry into the registry? This
was the only way I can think of to get the user to install a program..

Any other ideas how we might gain access? It has to be fast (bathroom breaks
etc.). I don't have time to load a live CD. Further, rebooting would cause the
user to lose work.



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------