
Thursday, September 09, 2010

firewall-wizards Digest, Vol 53, Issue 4

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Getting windows user name? (ArkanoiD)
2. Content filtering - how to enforce at home (Wieslaw Lubas)
3. Re: Getting windows user name? (Paul D. Robertson)
4. Re: Getting windows user name? (Kurt Buff)
5. Re: Content filtering - how to enforce at home (pkc_mls)
6. Re: Content filtering - how to enforce at home
(Randall C Grimshaw)
7. Re: Getting windows user name? (Jon Schipp)


----------------------------------------------------------------------

Message: 1
Date: Wed, 8 Sep 2010 21:42:07 +0400
From: ArkanoiD <ark@eltex.net>
Subject: [fw-wiz] Getting windows user name?
To: firewall-wizards@listserv.cybertrust.com
Message-ID: <20100908174207.GA16034@eltex.net>
Content-Type: text/plain; charset=koi8-r

Is there a way to retrieve the Windows user name for any given workstation, something like
Unix identd, but using AD only? Terminal servers are a non-issue at the moment (well,
another issue); let's assume there is only one logged-in user that matters. It seems that ISA does it?
Is it possible to implement such functionality without NetBIOS requests?

------------------------------

Message: 2
Date: Wed, 8 Sep 2010 21:18:41 +0200
From: Wieslaw Lubas <wieslaw_lubas@o2.pl>
Subject: [fw-wiz] Content filtering - how to enforce at home
To: firewall-wizards@listserv.icsalabs.com
Message-ID:
<AANLkTi=v69Q_8m8udwJNs42aqFqm++5DP7EdouRMMD0y@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I am trying to attach a small filtering "appliance" in a home environment. From the
user's perspective it is a proxy server and firewall with IP address A on the LAN
side. The WAN side is connected to a DSL/cable modem (CPE). All traffic other than
restricted web categories shall be allowed. CPE DHCP is turned off; it allows
only the "appliance" MAC address.

Scenario 1. Web proxy (A) enforced on workstation.

Scenario 2. CPE or firewall blocks 80 & 443 from sources other than "A".
The "appliance" is in transparent mode, because all workstation users can modify
proxy settings. Disadvantage: only ports 80 and 443 are filtered, so the filter
can be bypassed using an Internet-based proxy.

Scenario 1a. Smart 7 years young hacker replaces "appliance" with some
non-filtering proxy, using the same IP. How to avoid this hack?

Scenario 2a. Smart 7 years young hacker clones the "appliance" MAC and connects
directly to the CPE. How to avoid this hack? 802.1x?

Scenario 2b. CPE is provider-managed - in my case a cable modem acting as a
bridge. No MAC filtering. Any connected DHCP client gets online. Will anything
other than a physical lock help (connecting the cable modem with the "appliance",
setting up the appliance as DHCP server, both boxes secured with a key in an
enclosure)?

Is there any software based solution that could do the job?

Specifically, a tamper-proof network driver acting as an ICAP client (I could
install the filter with an ICAP server in a remote location).

Wieslaw
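The rules an appliance in Scenario 2's transparent mode would carry, as an added example that is not part of the post: LAN port 80 is diverted into the local filtering proxy, client DNS is pinned to the appliance so the category filter cannot be sidestepped by changing the resolver, and a packet arriving from the LAN side with the appliance's own address (another box using IP A while this one is still plugged in, the Scenario 1a case) is logged and dropped. Assumed, not from the post: iptables, LAN on eth0, WAN on eth1, A = 192.168.1.2, a proxy on port 3128 and a resolver on the appliance (constructed values), with DRY_RUN=1 printing the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the thread): firewall rules for the filtering
# "appliance" of Scenario 2. Assumptions: iptables, LAN on eth0, WAN on
# eth1, appliance address A = 192.168.1.2, proxy on port 3128 and a
# resolver listening on the appliance. All values are constructed.
# 443 passes through unfiltered, which is the disadvantage the post names.
LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-eth1}
A=${A:-192.168.1.2}
PROXY_PORT=${PROXY_PORT:-3128}

# ipt: run one iptables command, or echo it when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# appliance_rules: emit the complete ruleset, in order.
appliance_rules() {
    # Rogue-box signal (Scenario 1a): our own address must never arrive on
    # the LAN side. Log it (rate limited), then drop it.
    ipt -A INPUT -i "$LAN_IF" -s "$A" -m limit --limit 6/min -j LOG --log-prefix "ROGUE-A: "
    ipt -A INPUT -i "$LAN_IF" -s "$A" -j DROP
    ipt -A FORWARD -i "$LAN_IF" -s "$A" -j DROP
    # Transparent proxying: LAN web traffic on port 80 goes through the local filter.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-ports "$PROXY_PORT"
    # DNS pinning: every client resolver query is answered or relayed by the appliance.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -p udp --dport 53 -j REDIRECT --to-ports 53
    ipt -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 53 -j REDIRECT --to-ports 53
    # Everything else is allowed, as the post requires, and masqueraded on the WAN side.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Usage: "sh appliance.sh plan" reviews the ruleset, "sh appliance.sh apply" loads it.
case "${1:-}" in
    plan)  DRY_RUN=1; appliance_rules ;;
    apply) appliance_rules ;;
esac
```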

------------------------------

Message: 3
Date: Thu, 9 Sep 2010 00:02:54 -0400 (EDT)
From: "Paul D. Robertson" <paul@compuwar.net>
Subject: Re: [fw-wiz] Getting windows user name?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <Pine.LNX.4.44.1009082354140.882-100000@bat.clueby4.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 8 Sep 2010, ArkanoiD wrote:

> Is there a way to retrieve the Windows user name for any given workstation, something like
> Unix identd, but using AD only? Terminal servers are a non-issue at the moment (well,
> another issue); let's assume there is only one logged-in user that matters. It seems that ISA does it?
> Is it possible to implement such functionality without NetBIOS requests?

I don't think you can do a non-DCOM query without installing an agent on
the Windows side - but I suppose it depends on where you need the
information.

Samba's wmi-client will do the DCOM query.

Here's info on doing it via http with a client installed on the Windows
box:

http://forums.cacti.net/about11752.html

If you're just trying to do the NTLM auth like ISA, this link may help:

http://cntlm.sourceforge.net/

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
Moderator: Firewall-Wizards mailing list
Art: http://www.PaulDRobertson.net/
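The DCOM/WMI query from a Unix host, as an added example that is not from Paul or the thread: Samba's wmic asks the workstation for Win32_ComputerSystem.UserName, the interactively logged-on account, so no NetBIOS name query is involved. Assumed, not from the post: wmic is installed, WMI_CREDS holds DOMAIN/user%password for an account allowed to query WMI on the target, and wmic prints a "CLASS:" banner, a '|'-separated header line and one data row with "(null)" for an empty value.

```shell
#!/bin/sh
# Added example (not from the thread): "identd for Windows" over DCOM/WMI
# using Samba's wmic. Assumptions: wmic installed, WMI_CREDS set to
# DOMAIN/user%password, and wmic output shaped as a "CLASS:" banner, a
# '|'-separated header, then one row where an empty field reads "(null)".
# Plain /bin/sh, no bashisms.

# parse_wmic_username: read wmic output on stdin and print the UserName
# column; prints nothing when no one is logged on at the console.
parse_wmic_username() {
    awk -F'|' '
        /^CLASS:/ || /^$/ { next }
        !hdr { for (i = 1; i <= NF; i++) if ($i == "UserName") col = i
               hdr = 1; next }
        col  { if ($col != "(null)") print $col; exit }
    '
}

# logged_on_user HOST: query HOST and print DOMAIN\user, or return 1 when
# the query fails or the console is idle.
logged_on_user() {
    host=$1
    creds=${WMI_CREDS:?set WMI_CREDS to DOMAIN/user%password}
    user=$(wmic -U "$creds" "//$host" \
        'SELECT Name,UserName FROM Win32_ComputerSystem' 2>/dev/null |
        parse_wmic_username)
    [ -n "$user" ] || return 1
    printf '%s\n' "$user"
}

# Usage: WMI_CREDS='EXAMPLE/svc-wmi%secret' logged_on_user ws01.example.local
```

The querying account only needs remote WMI read access on the workstations, which is far less than the local administrator rights that running a tool on the target requires.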

------------------------------

Message: 4
Date: Wed, 8 Sep 2010 21:25:47 -0700
From: Kurt Buff <kurt.buff@gmail.com>
Subject: Re: [fw-wiz] Getting windows user name?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Cc: ark@eltex.net
Message-ID:
<AANLkTimSS_8W5T_jx3fQpidDw=1vUnZFKDVeVo1nXVrH@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

psloggedon from Microsoft will query the workstation directly and tell
you who's logged in, if you have privileges on the target machine.



------------------------------

Message: 5
Date: Thu, 09 Sep 2010 08:41:38 +0200
From: pkc_mls <pkc_mls@yahoo.Fr>
Subject: Re: [fw-wiz] Content filtering - how to enforce at home
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4C8881A2.4050700@yahoo.Fr>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

On 9/8/2010 9:18 PM, Wieslaw Lubas wrote:
> Hi,
>
> Scenario 1a. Smart 7 years young hacker replaces "appliance" with some
> non-filtering proxy, using the same IP. How to avoid this hack?
>
> Scenario 2a. Smart 7 years young hacker clones the "appliance" MAC and
> connects directly to the CPE. How to avoid this hack? 802.1x?
>
> Scenario 2b. CPE is provider-managed - in my case cable modem acting
> as a bridge. No mac filtering. Any connected DHCP client gets online.
> Anything else than physical lock will help (connecting cable modem
> with "appliance", setting up appliance as DHCP server, both boxes
> secured with key in enclosure)?
>
> Is there any software based solution that could do the job?
>
This 7-year-old hacker is so smart he will replace the software running on
the PC with a live CD to bypass the software restriction.
Unless you find a PC without CD and USB ports.
> Specifically, tamper proof network driver acting as ICAP client (I
> could install filter with ICAP server in remote location).
>
> Wieslaw

------------------------------

Message: 6
Date: Thu, 9 Sep 2010 06:29:41 -0400
From: Randall C Grimshaw <rgrimsha@syr.edu>
Subject: Re: [fw-wiz] Content filtering - how to enforce at home
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID:
<D1ED659D5D76664389FB55EE3E3EE50609632CDB4D@suex07-mbx-01.ad.syr.edu>
Content-Type: text/plain; charset="us-ascii"


Physical access is always a problem, especially if they possess replacement routers - but here is what I use:

2 stacked NAT routers, Cable modem -> R1 -> R2 -> house

R1 is a NAT router with an 802.11n WPA2 private password for my rare bypass needs. The ports are MAC-secured to include my notebook and R2.

R2 is a WRT running the latest Gargoyle / OpenWRT, configured to enforce OpenDNS subscribed (freely available) site category filtering / tracking. Gargoyle also has functional rate limiting, access quotas, reporting and filtering.

Notes:
My college kids used to have access to R1 in a former configuration, but the hacker would break into their computers and they were often careless users. So for a while a bsecure securespot (no longer offered but showing signs of returning) sat between R1 and R2 (pre-Gargoyle). A hotspot-like password was used for bypass needs. Today's configuration is better for my immediate needs and works pretty well... hacker #2 is going to be a bigger challenge and I may need a PCI-compliant cage.

Good luck Jim... as usual should any of your force be....

Randall Grimshaw rgrimsha@syr.edu

------------------------------

Message: 7
Date: Thu, 09 Sep 2010 00:02:24 -0700
From: Jon Schipp <jonschipp@gmail.com>
Subject: Re: [fw-wiz] Getting windows user name?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4C888680.1060600@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

You can use the SysInternals (acquired by Microsoft) psexec tool to
enumerate users. For instance, say you want the user list on an XP
workstation. Tell psexec to run "net users".
http://technet.microsoft.com/en-us/magazine/2007.03.desktopfiles.aspx


- Jon
--
------------------------------------------------------------------
Do you OpenGPG? Search the MIT key server with string "jon schipp"
@insightbb.com.

I prefer encrypted mail, when dealing with sensitive data.

Fax & VMB: 206-426-1406

Dubois County Linux User Group - http://www.dclug.org
BloomingLabs - http://www.bloominglabs.org
ISSA-Kentuckiana - http://issa-kentuckiana.org


------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 53, Issue 4
***********************************************
