
Prevent ntpasswd?


eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Wed Dec 07, 2011 6:48 pm

So, I was playing around with the Offline Windows Password & Registry Changer earlier today (basically a stripped down version of Linux with the ntpasswd tool installed), and it got me thinking. Is there any way to prevent someone from using this tool against your workstation/laptop? I mean, to use the tool implies that you already have physical access, which (in my opinion) makes the attack 90% easier. The tool is able to change or just flat out remove passwords for any user accounts, has the ability to enable accounts that have been disabled, and elevate privileges for users that are not Administrators. It also has a registry editor, which has come in quite handy on more than one occasion.

The only thing I could come up with would be to remove USB/CD/floppy from the available boot drives, and set a BIOS password so it can't be changed. I know that on desktops, you can clear the CMOS pretty easily if you have physical access (which we're already implying is the case), and that usually clears a BIOS password. Not sure if you can do that on a laptop. Is there any way to harden Windows against this type of attack? Encrypt the partition?
I'd love to hear everyone's opinion on this.
Last edited by eth3real on Wed Dec 07, 2011 6:59 pm, edited 1 time in total.
Put that in your pipe and grep it!

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Wed Dec 07, 2011 9:20 pm

Re: Prevent ntpasswd?

I think you listed the ways... block booting and encrypt the drive.

eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Wed Dec 07, 2011 10:14 pm

Re: Prevent ntpasswd?

I figured you would say that. :P

Since BIOS passwords can potentially be reset leaving the boot options open again, partition encryption sounds like the only reasonable approach. That being said, is there really any way to implement partition encryption across a corporate network?

Or the obvious answer, just install Linux. lol
Put that in your pipe and grep it!

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Thu Dec 08, 2011 8:17 am

Re: Prevent ntpasswd?

I believe Checkpoint Full disk encryption can support network-based encryption policies and push out the command to encrypt the disk. It also handles media encryption as well.
Certs: GCWN
(@)Dewser

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Dec 08, 2011 10:00 am

Re: Prevent ntpasswd?

Our company uses McAfee Endpoint Encryption. Seems to work pretty well.

eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Thu Dec 08, 2011 10:24 am

Re: Prevent ntpasswd?

Thank you 3xban and BillV, very helpful info. I'm really not too worried about this kind of attack, but it was something that crossed my mind yesterday and I just wanted to see if anyone had security measures against it. I hope others can get some use from this information.
Put that in your pipe and grep it!
