Monthly Archive for May, 2008

Q&A with ISIS: Dealing with virus-prone users

Here’s a little quickie someone asked me today. Note that it didn’t look like the person asking had the computers on a domain, so I gave only the simple answers.

Q: I have two illiterate users on my network and they click on everything they see. They also insist on installing random software. I can’t give them a guest account because that interferes with certain software they need to use. I would like to give them ‘computer administrator’ accounts (they’re on an XP Pro machine) but still make sure they can’t infect the machine with all sorts of malware. Any suggestions? To reiterate, all I want to do is control the software they install, etc. They still need to be able to create files, have access to already installed software, etc.

A: Unfortunately, the best way to handle this situation is to bite the bullet and do exactly what you say you don’t want to: remove them from the Administrators group and put them in a limited account (what XP calls a “Limited” account is just a member of the Users group). There is no other way around it. Getting them out of the Administrators group won’t interrupt their ability to use already installed software or to create files in directories they have permission to write to, but it will prevent them from installing [most] software: anything that needs to write to Program Files, System32 or HKLM will fail, while per-user installs that only touch their own profile will still work.
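The demotion described above, as an added example that is not part of the original post. It is a batch script for XP Pro using the built-in net.exe; the user names alice and bob are placeholders, and it assumes you run it from an account that stays in Administrators (never demote the last one). Do not move them to Power Users instead, since that group can still install most software.

```batch
@echo off
rem Added example, not from the original post: move two XP Pro accounts
rem from Administrators to Users (a "Limited" account) and verify the result.
rem "alice" and "bob" are placeholder user names; substitute the real ones.

for %%U in (alice bob) do (
    net localgroup Administrators %%U /delete
    net localgroup Users %%U /add
)

rem Verify: neither name should appear in the Administrators listing,
rem and both should appear under Users.
net localgroup Administrators
net localgroup Users

rem When an admin task really is unavoidable, elevate only that one program
rem instead of handing the user a permanently privileged session:
rem   runas /user:%COMPUTERNAME%\Administrator "msiexec /i setup.msi"
```

If a line of business application genuinely breaks as a Limited user, grant that user write access to the specific directory or registry key the application needs rather than putting them back in Administrators; that keeps the rest of the machine off limits to whatever they click on.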

I always suggest installing SiteAdvisor. It’s a free browser extension that attempts to warn you when you’re at a bad website. I like it because it passively trains users to recognize bad websites. You can also have them use OpenDNS to block access to certain classes of websites.

Reverting the machine to a clean state on every reboot (Deep Freeze) or re-imaging it nightly (Norton Ghost) is a possibility, but overkill I think.

I know there are better solutions out there, I just didn’t have the time to remember all of them. Anyone care to help this guy out in the comments?

Storm Worm IP List and Country Distribution Statistics

Because we recently needed a fresh blacklist, we collected and analyzed 16,000+ unique Storm bot IPs over two days. Our results are consistent with some of the findings of this recent paper regarding the size of the Storm botnet, which estimates it at 5,000 to 6,000 unique IPs (lower bound) and 45,000 to 80,000 (upper bound).

The majority of infected machines are located in USA, Russia, Mexico, India, Turkey, Brazil and Poland (in that order). The complete list is here. A partial list of top results is below.

United States 1716
Russian Federation 1177
Mexico 869
India 699
Turkey 609
Continue reading ‘Storm Worm IP List and Country Distribution Statistics’
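The dedupe, geolocate and rank step behind the numbers above, as an added example that is not part of the original post or its data. The sighting lines, the prefix-to-country table and the non-routable filter are constructed here; a real run would read a crawler or sinkhole feed and use a GeoIP database instead of the four-entry table. The caveat the paper’s lower and upper bounds reflect also applies to this output: counting unique IPs over two days overcounts hosts on DHCP pools (one bot, many addresses) and undercounts hosts behind NAT (many bots, one address).

```python
import ipaddress
from collections import Counter

# Constructed sample of "timestamp ip" sighting lines, standing in for a real
# crawler/sinkhole feed. It deliberately contains repeats (the same bot seen
# twice), one malformed line and one RFC 1918 address that leaked in.
RAW_OBSERVATIONS = """\
2008-05-20T10:01:02 203.0.113.7
2008-05-20T10:01:09 198.51.100.23
2008-05-20T10:02:11 203.0.113.7
2008-05-20T10:03:45 192.0.2.200
2008-05-20T10:04:00 not-an-ip
2008-05-20T10:05:13 198.51.100.99
2008-05-21T02:15:40 203.0.113.77
2008-05-21T02:16:01 192.0.2.200
2008-05-21T02:17:30 10.0.0.5
"""

# Constructed prefix-to-country table standing in for a GeoIP database.
# The /28 nested inside 203.0.113.0/24 exercises longest-prefix matching.
PREFIX_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
    (ipaddress.ip_network("203.0.113.64/28"), "MX"),
    (ipaddress.ip_network("198.51.100.0/24"), "RU"),
    (ipaddress.ip_network("192.0.2.0/24"), "IN"),
]

# Addresses that can never be a remote bot and must not land on a blacklist.
# Listed explicitly because ipaddress's is_global would also reject the
# documentation ranges used for the sample data above.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/3",
)]


def parse_unique_ips(text):
    """Return the set of distinct, routable IPv4 addresses seen in the feed."""
    seen = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue
        try:
            ip = ipaddress.IPv4Address(fields[1])
        except ipaddress.AddressValueError:
            continue  # malformed line: skip it rather than abort the whole run
        if any(ip in net for net in NON_ROUTABLE):
            continue
        seen.add(ip)
    return seen


def lookup_country(ip, table=PREFIX_TABLE):
    """Longest-prefix match of ip against the (network, country) table."""
    ip = ipaddress.IPv4Address(ip)
    best = None
    for net, country in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, country)
    return best[1] if best else "unknown"


def country_distribution(ips, table=PREFIX_TABLE):
    """Rank countries by number of unique bot IPs, ties broken alphabetically."""
    counts = Counter(lookup_country(ip, table) for ip in ips)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def blacklist(ips):
    """One address per line, numerically sorted, ready for a firewall or RBL."""
    return [str(ip) for ip in sorted(ips)]


if __name__ == "__main__":
    bots = parse_unique_ips(RAW_OBSERVATIONS)
    print(f"{len(bots)} unique IPs")
    for country, n in country_distribution(bots):
        print(f"{country} {n}")
    print("\n".join(blacklist(bots)))
```

On the constructed feed this yields five unique bots and the ranking RU 2, IN 1, MX 1, US 1; the repeated sightings collapse to one entry each, the malformed line is dropped, and 10.0.0.5 never reaches the blacklist. Filtering non-routable space before publishing is the check that matters in practice: a blacklist containing 10.0.0.0/8 or 127.0.0.1 will block your own infrastructure when someone loads it into a firewall.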

Security Videos #1 Meeting Report

People in attendance: 6 or 7

  • Dan Kaminsky interview - link
  • w3af demo - link
  • Unusual Web Bugs - video - slides
  • Social Engineering presentations - link

We’re having another meeting next week and I’m taking suggestions for topics. An [obligatory] brief overview of the Debian OpenSSL bug will be done.

Social Engineering final presentations

Yesterday marked the end of our first-run Psychology of Security/Social Engineering course here at Poly. Every student made a presentation that described the research project they designed and attempted to run during the semester. I’ll upload the presentations as I get them so check this page often :-).

  1. The Effectiveness of Security Training / Graphical Indicators of Security
    Joint project by Dan Guido and Boris Kochergin
  2. Personalized Phishing
    Joint project by Brad Schonhorst and Jonathan Voris

I’ve made an executive decision. The mailing list that we used for the course will now be opened to the public for discussion of Social Engineering / Psychology of Security issues. I placed a link on the sidebar of this blog, please sign up if you’re interested!

Summer InfoSec Video/Study Group

This summer the ISIS Lab will be hosting a weekly Information Security Video/Study Group every Wednesday from 6:30pm until people get bored (probably ~8-9pm).

I’ll show up in the lab and hook up our gigantic LCD TV to show a different video each week and host a discussion. Afterwards, I’ll do a review of each meeting on this blog. We will default to a FreeBSD Kernel Internals DVD course if no other videos are suggested (I need to brush up on my Operating Systems). If you have a specific video you’d like to see/discuss from Defcon, ShmooCon, HITBSecConf, Blackhat, RECon, or elsewhere then please suggest watching it!

Meetings will take place in the ISIS Lab (Room 219) located in Polytechnic University. The street address is 6 Metrotech Center, Brooklyn, NY 11201. If you’re not a regular, then I’m going to need to sign you in, so call the lab phone at (718) 260-3986 when you get here (regulars get the sekret c0deword). I’ll keep a bunch of menus in the lab and we’ll make an order for takeout shortly after everyone gets here.

This event is open to the public (duh) so please invite your friends. Send all comments, suggestions or videos you’d like to watch to me, Dan, at dguido@gmail.com.

The first meetup is this Wednesday, May 14th. See you there!

Add this event and others to your calendar: ISIS Meetings.