EMET - a hidden Windows jewel!
Thread Starter
Plastic PPRuNer

Joined: Sep 2000
Posts: 1,902
Likes: 0
From: Rochechouart, France
The little-known Microsoft Enhanced Mitigation Experience Toolkit (EMET) [now at a much easier-to-configure V4.0] is arguably the best security software for the Windows operating system.
------------------------------------------------------------------------------------------
PS: Couple it with sudowin (Sudo for Windows, available from SourceForge.net) and you can be tighter than a mouse's ear'ole.
(Advised reading is SMHAM2.ORG and, for more detail, https://www.sans.org/reading-room/wh...s-sudowin-1726 - you may well need to modify sudoers.xml to update checksums and get more granular control, but it is really quite simple.)
AND (drumroll) they both work with the dreaded XP...
Mac
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
PS: Couple it with sudowin (Sudo for Windows, available from SourceForge.net) and you can be tighter than a mouse's ear'ole.

People should just use the built-in "run-as" tools provided by Microsoft.
Windows is not conducive to sudo-like behaviour, hence the need for hacky tools such as sudowin.
Sudowin relies on a local server instance running as admin, which provides the sudo service to the client in your drop-down menus and on the command line.
Nice little attack vector there... hence my recommendation: AVOID.
AND (drumroll) they both work with the dreaded XP...
So please, don't sell them as a solution to the problem and don't encourage people to cling on to XP. XP will be dead in April, end of story.
Thread Starter
Plastic PPRuNer

Joined: Sep 2000
Posts: 1,902
Likes: 0
From: Rochechouart, France
Mix: I know all about Run-As - Run-As is particularly nasty.
The problem with run-as is that a user needs the administrator password, since this option is to run a program as administrator and not to briefly elevate a user's rights to administrator. This is a major security risk, since more people then have the administrator password. NOT a good idea! With sudowin the limited user does not need the administrator password, since sudowin relies on the user's password (and sudowin rules) to elevate the command. And importantly, unlike the run-as command, Sudo for Windows preserves the user's profile and ownership of created objects.
I cannot see how sudowin broadens my attack surface - rather the reverse, particularly as it is thoughtfully written and very security-tunable with little effort. You should actually read https://www.sans.org/reading-room/wh...s-sudowin-1726 before reacting (yes, I know you're busy, though not too busy to react!)
But anyway, what do you think of Microsoft's own EMET???
[Which was really what my post was about]

Sorry, I shouldn't have made that joking reference to XP, I know that it's bad for your blood-pressure!
What people should really do is switch to Red Hat or Mint and then run XP in a secure VM image if they have to.