An attack vector which Vista is supposed to withstand?

  • Thread starter Thread starter Roof Fiddler
  • Start date Start date
R

Roof Fiddler

If I have a laptop with:
TPM hardware
Vista with bitlocker, set to automatically boot up using the key in the TPM
module
Vista's default security settings, including default UAC settings and
filesystem ACLs
one non-administrator account in Vista, with the password written on a
sticky note on the laptop
one administrator account with a 20-random-character password not written
down anywhere
files in the administrator's home directory which contain information worth
a couple million dollars

and this laptop is stolen by a thief who's trying to get those files, is it
realistic to expect that the thief will be unable to read them? (Assume here
that attacking the TPM module itself will not succeed.)
 
Windows Vista mitigates this situation pretty well. Here are some of the
attack vectors available to the attacker:

1) Cracking the password to an account with privileges to the file

2) Privilege escalation attack - taking advantage of a bug in a windows
service / scheduled task / driver / etc that runs with admin privileges,
either to change ntfs permissions on the file, or other means

I'd say overall the security provided by this scenario is "better than
anything available with XP", but certainly not up to par for a file worth
millions of dollars.
 
There are two failures here, neither of which is technical:
a.. a password is written on a sticky note
b.. the user of the computer (I presume the non-admin user) is allowed to share a computer with another user, who logs on as an administrator and is involved in the organization's large financial dealings
Another way of diagnosing the failures is this:
a.. the owner of the computer, involved in the organization's large financial dealings, operates his computer as an administrator
b.. this person shares his computer with another person, who keeps his/her password on a sticky attached to the computer
The correct mitigation here is to fix these problems.

______________________________________________________
Steve Riley
(e-mail address removed)
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


If I have a laptop with:
TPM hardware
Vista with bitlocker, set to automatically boot up using the key in the TPM
module
Vista's default security settings, including default UAC settings and
filesystem ACLs
one non-administrator account in Vista, with the password written on a
sticky note on the laptop
one administrator account with a 20-random-character password not written
down anywhere
files in the administrator's home directory which contain information worth
a couple million dollars

and this laptop is stolen by a thief who's trying to get those files, is it
realistic to expect that the thief will be unable to read them? (Assume here
that attacking the TPM module itself will not succeed.)
 
Back
Top