SecurityFocus

Circumventing quarantine control in Windows 2003 and ISA 2004 May 18 2006 09:49AM
Memet Anwar (mmta gm gmail com) (4 replies)

Re: Circumventing quarantine control in Windows 2003 and ISA 2004 May 23 2006 04:24PM
Mark Senior (senatorfrog gmail com) (1 replies)

Re: Circumventing quarantine control in Windows 2003 and ISA 2004 May 24 2006 08:07AM
Memet Anwar (mmta gm gmail com)

Re: Circumventing quarantine control in Windows 2003 and ISA 2004 May 23 2006 03:01PM
3APA3A (3APA3A SECURITY NNOV RU)

Dear Memet Anwar,

MA> The problem is due to how the requirements are
MA> validated, it is trivial for users to trick RRAS/ISA into believing that the
MA> client's system are always aligned with the requirements, regardless the
MA> actual condition.

If you have local administrator level access to the box you can bypass
any "internal" checks for this box. You can bypass any Domain policies.
You can do everything.

Quarantine Control was not designed to protect against attack of this
kind. It's a tool to check policy matching, not to protect

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/vpnroamingqua
rantine.mspx

-=-=-=-=- Quote begin -=-=-=-=-

Although Quarantine Control does not protect against attackers,
computer configurations for authorized users can be verified and, if
necessary, corrected before they can access the network.

-=-=-=-=-= Quote end =-=-=-=-=-

--
~/ZARAZA
http://www.security.nnov.ru/

[ reply ]

Re: Circumventing quarantine control in Windows 2003 and ISA 2004 May 23 2006 10:36AM
Andreas Beck (becka-list-bugtraq bedatec de)

RE: Circumventing quarantine control in Windows 2003 and ISA 2004 May 23 2006 12:15AM
Roger A. Grimes (roger banneretcs com)