cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
339
Views
0
Helpful
2
Replies

CSA on SafeMode

brian.bono
Level 1
Level 1

how do does the CSA address the issue if a local administrator boots the system(windows) in SafeMode?

Is this a vulnerability? knowing that the CSA will not start if the system runs on a safemode. We are concerned on what that local admin will do to the system.

how do we solve this issue?

thanks

2 Replies 2

tsteger1
Level 8
Level 8

There is a way to make safe mode cause the system to crash but if you're worried about local admins bypassing security, I would look for another method.

Do you have a written policy that says they are not allowed to mess with their machines?

You'll find out when it happens and the host stops reporting to the MC and then you can take corrective action.

JMTC, Tom

I'm with Tom in that I prefer a written Security Policy and the implied threat of punitive action, rather than trying to engineer a technical fix to prevent Local Admins from bypassing security.

In my experience, there must be a buy-in from Top Management for any security system to work

effectively. In the case of CSA they must be willing to pick up the phone and call people who shut down CSA without a documented reason.

Managers will have all the proof they need by a quick glance at the Events Log to make these calls. This paper trail will keep them from being accused of harassment and if the employee continues violating the security policy will give them the grounds for termination.

In sum, let the CSA do what it does best, namely, protect assets and let management enforce the penalties for violations of policy.

Hope this helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card