Bored employee bypassing Windows Group Policy restrictions with only the Calculator application

http://www.watchguard.com/infocenter/editorial/18935.asp

The article above describes how a disgruntled or bored employee could bypass the restrictions that the system administrator set up on his workstation, specifically the restrictions enforced by Windows Group Policy. Windows Group Policy allows sysadmins to control which files are accessible, which applications are available, web browsing settings, and the use of configuration tools. The hacker is able to bypass the security restrictions, view all system files and directories, and access the web.

In this scenario the system administrator limits application use to only Microsoft Word and the Calculator. The educated employee knows that Internet Explorer is highly integrated into the Windows OS and, more specifically, that the Windows help feature cannot run without it. By opening Calculator and clicking Help -> Help Topics -> Jump to URL, the hacker has gained access to the web on a machine that was supposed to prohibit this. Next, he moves on to the system files by using his knowledge of URL handlers. Instead of entering “http://google.com/”, he enters “shell:system”, and now he is able to view all system files and directories. This scenario illustrates the “why not” and “nothing to lose” motives of hackers. The feeling of no risk and the “costs nothing to try” mindset is what drives curious people to hack and break into systems (as we discussed in class).

The article then goes on to give a few tips on how these hackers can be stopped. A layered defense using multiple programs would be your first step toward a secured system. Lastly, have a written policy that employees must sign, so if they break the technical rules then at least you have a legitimate, on-paper reason for firing the employee.

 
