CSA on SafeMode

Unanswered Question
Feb 20th, 2007

how do does the CSA address the issue if a local administrator boots the system(windows) in SafeMode?

Is this a vulnerability? knowing that the CSA will not start if the system runs on a safemode. We are concerned on what that local admin will do to the system.

how do we solve this issue?

thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tsteger1 Wed, 02/21/2007 - 12:38

There is a way to make safe mode cause the system to crash but if you're worried about local admins bypassing security, I would look for another method.

Do you have a written policy that says they are not allowed to mess with their machines?

You'll find out when it happens and the host stops reporting to the MC and then you can take corrective action.

JMTC, Tom

pmccubbin Wed, 02/21/2007 - 13:16

I'm with Tom in that I prefer a written Security Policy and the implied threat of punitive action, rather than trying to engineer a technical fix to prevent Local Admins from bypassing security.

In my experience, there must be a buy-in from Top Management for any security system to work

effectively. In the case of CSA they must be willing to pick up the phone and call people who shut down CSA without a documented reason.

Managers will have all the proof they need by a quick glance at the Events Log to make these calls. This paper trail will keep them from being accused of harassment and if the employee continues violating the security policy will give them the grounds for termination.

In sum, let the CSA do what it does best, namely, protect assets and let management enforce the penalties for violations of policy.

Hope this helps.

Actions

This Discussion