blocking p2p sharing software either in router or windows 2003 GPO?
on 16.08.2007 21:59:31 by markm75
Anyone know of how to do this?
From what I'm seeing, the ports change very frequently, making it hard
to block via the router/firewall..
Any thoughts on this or via GPO?
Thanks
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 00:14:21 by Ansgar -59cobalt- Wiechers
markm75 wrote:
> Anyone know of how to do this?
>
> From what I'm seeing, the ports change very frequently, making it hard
> to block via the router/firewall..
>
> Any thoughts on this or via GPO?
Use Software Restriction Policies to prevent the software from being run
in the first place.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 08:30:24 by alf
markm75 wrote:
> Anyone know of how to do this?
>
> From what I'm seeing, the ports change very frequently, making it hard
> to block via the router/firewall..
1. I would turn off UPnP support on a router and protect it with a
password. (No port forwarding)
2. I would uninstall p2p software from computers and set up limited
accounts, admin would be me only. (No software installation).
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 12:06:09 by Sebastian Gottschalk
@lf wrote:
> 1. I would turn off UPnP support on a router and protect it with a
> password. (No port forwarding)
> 2. I would uninstall p2p software from computers and set up limited
> accounts, admin would be me only. (No software installation).
You don't need admin rights to install P2P software. In fact, even most
commercial software only requires admin rights due to stupid installers,
whereas porting the installed files and some registry to another computer
without admin rights works fine as well.
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 13:29:44 by alf
Sebastian G. wrote:
> @lf wrote:
>> 2. I would uninstall p2p software from computers and set up limited
>> accounts, admin would be me only. (No software installation).
> You don't need admin rights to install P2P software. In fact, even most
> commercial software only requires admin rights due to stupid installers,
> whereas porting the installed files and some registry to another
> computer without admin rights works fine as well.
What you are talking about is true, but if markm75 deals with users capable
to do that (this is high above Joe Average), then he has a serious
problem with no easy solution. I wouldn't even try any of "computer
protection". I would employ some other type of protection: law, force,
whatever.
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 14:19:41 by Sebastian Gottschalk
@lf wrote:
> Sebastian G. wrote:
>> @lf wrote:
>>> 2. I would uninstall p2p software from computers and set up limited
>>> accounts, admin would be me only. (No software installation).
>> You don't need admin rights to install P2P software. In fact, even most
>> commercial software only requires admin rights due to stupid installers,
>> whereas porting the installed files and some registry to another
>> computer without admin rights works fine as well.
>
> What you are talking about is true, but if markm75 deals with users capable
> to do that (this is high above Joe Average),
Why exactly is unpacking emule0.47c.bin.zip into a directory and then
launching it above a typical user? Why exactly is getting told by Jane
Clever "hey, just unzip this archive and you can run LimeWire without
installation" above understanding?
> then he has a serious problem with no easy solution.
Nonsense. There is a very easy solution: globally remove execute rights and
only explicitly grant it to required applications. On Windows this is called
"Software Restriction Policies".
> I would employ some other type of protection: law, force, whatever.
Lawful protection could never be anything but supplemental.
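Added example, not part of the original thread: a simplified Python model of the path-rule evaluation discussed above, contrasting a policy that blocks known P2P install paths with the default-deny policy Sebastian describes. The paths, the user name and the `evaluate` / `writable_allow_rules` helpers are constructed for illustration and do not reproduce Windows' actual matching code.

```python
from ntpath import normcase, normpath

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

def _norm(path):
    # Windows paths are case-insensitive; ntpath behaves the same on any host OS.
    return normcase(normpath(path))

def _covers(rule_path, target):
    # True when the already-normalised target is rule_path or lies beneath it.
    prefix = _norm(rule_path)
    return target == prefix or target.startswith(prefix + "\\")

def evaluate(exe_path, default_level, path_rules):
    """Level for exe_path: the longest matching path rule wins, else the default."""
    target = _norm(exe_path)
    matches = [(len(_norm(p)), level == DISALLOWED, level)
               for p, level in path_rules if _covers(p, target)]
    return max(matches)[2] if matches else default_level   # ties go to Disallowed

def writable_allow_rules(path_rules, user_writable_dirs):
    """Allow rules that overlap a directory the user can write to (policy gaps)."""
    return [p for p, level in path_rules if level == UNRESTRICTED and any(
        _covers(p, _norm(d)) or _covers(d, _norm(p)) for d in user_writable_dirs)]

# Constructed policies: (default level, path rules).
BLACKLIST = (UNRESTRICTED, [(r"C:\Program Files\eMule", DISALLOWED),
                            (r"C:\Program Files\LimeWire", DISALLOWED)])
WHITELIST = (DISALLOWED, [(r"C:\WINDOWS", UNRESTRICTED),
                          (r"C:\Program Files", UNRESTRICTED)])

# Constructed paths: an unzipped copy in the profile and a normal install.
UNZIPPED = r"C:\Documents and Settings\joe\Desktop\emule\emule.exe"
INSTALLED = r"C:\Program Files\eMule\emule.exe"

if __name__ == "__main__":
    for name, policy in (("blacklist", BLACKLIST), ("default-deny", WHITELIST)):
        for exe in (UNZIPPED, INSTALLED):
            print(f"{name:12} {evaluate(exe, *policy):12} {exe}")
    print(writable_allow_rules(WHITELIST[1], [r"C:\Documents and Settings\joe"]))
```

The default-deny policy only holds while users cannot write to any allowed directory; `writable_allow_rules` returns the rules where that assumption fails.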
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 14:38:27 by alf
Sebastian G. wrote:
> Why exactly is unpacking emule0.47c.bin.zip into a directory and then
> launching it above a typical user? Why exactly is getting told by Jane
> Clever "hey, just unzip this archive and you can run LimeWire without
> installation" above understanding?
In the case of LimeWire it might be true. But generally, transferring some
software package from one computer to another without installation is a
task above Joe Average's capabilities.
> Nonsense. There is a very easy solution: globally remove execute rights
> and only explicitly grant it to required applications. On Windows this
> is called "Software Restriction Policies".
Users capable of analysing installation logs and who are familiar with
computers enough to transfer MS Office from one computer to another
will find a way how to crack admin password and reconfigure that policy.
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 14:42:44 by Sebastian Gottschalk
@lf wrote:
> Sebastian G. wrote:
>> Why exactly is unpacking emule0.47c.bin.zip into a directory and then
>> launching it above a typical user? Why exactly is getting told by Jane
>> Clever "hey, just unzip this archive and you can run LimeWire without
>> installation" above understanding?
>
> In the case of LimeWire it might be true. But generally, transferring some
> software package from one computer to another without installation is a
> task above Joe Average's capabilities.
As I wrote: Jane Clever can prepare this task. Joe Average will just have to
run a script, and there you go.
>> Nonsense. There is a very easy solution: globally remove execute rights
>> and only explicitly grant it to required applications. On Windows this
>> is called "Software Restriction Policies".
>
> Users capable of analysing installation logs and who are familiar with
> computers enough to transfer MS Office from one computer to another
MS Office doesn't run without administrative installation.
> will find a way how to crack admin password and reconfigure that policy.
A strange assumption, especially since they can't run any of the exploits
and have to resort to what the system offers.
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 14:53:57 by alf
Sebastian G. wrote:
> As I wrote: Jane Clever can prepare this task. Joe Average will just
> have to run a script, and there you go.
Then you have to protect yourself from Jane Clever, Joe Average in this
case is only a keyboard button Jane Clever is pressing. You don't have
Joe Average in front of the computer but Jane Clever. Joe Average alone is
not capable to do that.
> MS Office doesn't run without administrative installation.
Not important, can be some other software package, that is irrelevant.
Whatever package you take as example is above Joe Average's capabilities.
>> will find a way how to crack admin password and reconfigure that policy.
> A strange assumption, especially since they can't run any of the
> exploits and have to resort to what the system offers.
Live Linux.
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 15:28:16 by markm75
On Aug 17, 8:53 am, "@lf" wrote:
> Sebastian G. wrote:
> > As I wrote: Jane Clever can prepare this task. Joe Average will just
> > have to run a script, and there you go.
>
> Then you have to protect yourself from Jane Clever, Joe Average in this
> case is only a keyboard button Jane Clever is pressing. You don't have
> Joe Average in front of the computer but Jane Clever. Joe Average alone is
> not capable to do that.
>
> > MS Office doesn't run without administrative installation.
>
> Not important, can be some other software package, that is irrelevant.
> Whatever package you take as example is above Joe Average's capabilities.
>
> >> will find a way how to crack admin password and reconfigure that policy.
> > A strange assumption, especially since they can't run any of the
> > exploits and have to resort to what the system offers.
>
> Live Linux.
Does anyone know what tool or how I could sniff our outgoing/incoming
internet traffic to even determine if our bandwidth drops are due to
p2p software?
I do have the network monitor tool installed on an SMS server which
can search for any traffic on the whole network.
For now I may try the software restrictions in P2p.. so at least then
I can control who can run it and who can't, though most of our users
are admins on their local boxes here and this isn't likely to change
for various reasons.
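Added example, not part of the original thread: because the ports change too often to match on, this Python example flags internal hosts by behaviour instead, looking for many distinct remote peers reached mostly on non-well-known ports. The CSV columns (`src,dst,dport,bytes`), the sample flows and both thresholds are constructed assumptions, not the export format of any particular capture tool; a hit is a lead to investigate, not proof of P2P.

```python
import csv
import io
from collections import defaultdict

def p2p_suspects(flow_csv, min_peers=20, min_high_share=0.8):
    """Return {host: (distinct_peers, high_port_share, bytes)} for P2P-like hosts."""
    peers = defaultdict(set)      # internal host -> distinct remote addresses
    high = defaultdict(int)       # flows to ports above 1024
    flows = defaultdict(int)      # all flows per host
    volume = defaultdict(int)     # bytes per host, useful for ranking the hits
    for row in csv.DictReader(io.StringIO(flow_csv)):
        host = row["src"]
        peers[host].add(row["dst"])
        flows[host] += 1
        volume[host] += int(row["bytes"])
        if int(row["dport"]) > 1024:          # not a well-known service port
            high[host] += 1
    suspects = {}
    for host in flows:
        share = high[host] / flows[host]
        # Both conditions must hold: wide fan-out AND mostly arbitrary ports.
        if len(peers[host]) >= min_peers and share >= min_high_share:
            suspects[host] = (len(peers[host]), round(share, 2), volume[host])
    return suspects

def sample_flows():
    """Constructed summary: one P2P-like host, one web browser, one quiet host."""
    rows = ["src,dst,dport,bytes"]
    # 10.0.0.5: 30 different peers, each on a different high port.
    rows += [f"10.0.0.5,198.51.100.{i},{20000 + 37 * i},500000" for i in range(1, 31)]
    # 10.0.0.9: 25 different web servers, only ports 80 and 443.
    rows += [f"10.0.0.9,203.0.113.{i},{80 if i % 2 else 443},40000" for i in range(1, 26)]
    # 10.0.0.7: a few peers on one high port (too few to flag).
    rows += [f"10.0.0.7,192.0.2.{i},5060,1000" for i in range(1, 4)]
    return "\n".join(rows)

if __name__ == "__main__":
    for host, (n, share, size) in p2p_suspects(sample_flows()).items():
        print(f"{host}: {n} peers, {share:.0%} high-port flows, {size} bytes")
```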
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 16:09:59 by Sebastian Gottschalk
@lf wrote:
> Sebastian G. wrote:
>> As I wrote: Jane Clever can prepare this task. Joe Average will just
>> have to run a script, and there you go.
>
> Then you have to protect yourself from Jane Clever, Joe Average in this
> case is only a keyboard button Jane Clever is pressing. You don't have
> Joe Average in front of the computer but Jane Clever. Joe Average alone is
> not capable to do that.
Once again: You have Joe Average sitting on the computer doing what Jane
Clever told him, or wrote him up in a script. That's why your notion "Joe
Average alone is not capable to do that" is absolutely worthless in practice.
>> MS Office doesn't run without administrative installation.
>
> Not important, can be some other software package, that is irrelevant.
> Whatever package you take as example is above Joe Average's capabilities.
Once again:
- Jane Clever can prepare the task. Joe Average has nothing to do but simply
start a script.
- Many software packages install quite well without admin rights.
>>> will find a way how to crack admin password and reconfigure that policy.
>> A strange assumption, especially since they can't run any of the
>> exploits and have to resort to what the system offers.
>
> Live Linux.
Oh, and how do you change the boot priority without the BIOS password?
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 16:20:50 by alf
Sebastian G. wrote:
....
>> Live Linux.
> Oh, and how do you change the boot priority without the BIOS password?
Who put the password, I cannot find that in a thread, there were uPnP
off, Limited account and software restriction policy.
You are adding new security measures, so now I will quote myself.
> (this is high above Joe Average), then he has a serious problem with no easy solution.
i.e. more security measures have to be involved, you pointed one, that
is enough to prove statement.
EOD
Re: blocking p2p sharing software either in router or windows 2003 GPO?
on 17.08.2007 23:28:30 by Sebastian Gottschalk
@lf wrote:
> Sebastian G. wrote:
> ...
>>> Live Linux.
>> Oh, and how do you change the boot priority without the BIOS password?
>
> Who put the password, I cannot find that in a thread, there were uPnP
> off, Limited account and software restriction policy.
Eh... using a limited account obviously implies setting a password for the
admin account.
> You are adding new security measures, so now I will quote myself.
>
>> (this is high above Joe Average), then he has a serious problem with no easy solution.
>
> i.e. more security measures have to be involved, you pointed one, that
> is enough to prove statement.
>
> EOD
Well, except that stuff like disabling uPnP becomes superfluous then (it's
still a good idea). And, even further, doing such few things definitely
accounts as an easy solution.