I have an interesting scenario here. I was doing a security audit on Solidifier installed on Windows and below are my results.
a) I created an executable (Solid.exe) which reads, writes and executes the configuration (XML) file. I solidified the system and then modified the XML file to delete a few files, directories and executables from the system.
When I executed Solid.exe, I was able to delete the files, directories and executables from the system.
This means that Solidifier does not protect XML and other CFG files? These configuration files can be tampered with, modified and used to perform unintended actions or cause a denial of service?
b) I created some registry files which harden TCP and I solidified the system. Then I changed the registry values to make the system insecure (no more TCP hardening). I executed the registry file and the registry update was successful.
I know we have write-protect-reg and write-protect, but due to some requirements, you may not be able to completely lock down people from writing into the registry or config files.
Is there a way to achieve this?
Message was edited by: sagarmc004 on 4/19/13 12:14:26 AM CDT
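An added defender-side check, written for this post and not code from Solidifier or the poster: a small Python baseline-and-drift script that records SHA-256 hashes of config files that must stay writable and a snapshot of registry values, then reports any change. The file paths, XML content and registry value in demo() are constructed sample data (SynAttackProtect is one of the standard Windows TCP hardening values); on a real host the registry snapshot would be filled from winreg rather than passed in as a dict.

```python
"""Integrity baseline for config files and registry values that a solidified
host must still allow to change (added example, not Solidifier code)."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path):
    """SHA-256 of a file, read in chunks so large configs are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(files, registry_values):
    """files: paths to watch; registry_values: {'HKLM\\...\\Name': value}.
    The registry dict is a snapshot supplied by the caller (winreg on Windows)."""
    return {"files": {str(p): hash_file(p) for p in files},
            "registry": dict(registry_values)}


def diff_baseline(baseline, registry_values):
    """Return (kind, name, expected, actual) for every drifted item.
    A deleted file shows up with actual=None; a removed value likewise."""
    findings = []
    for name, expected in baseline["files"].items():
        actual = hash_file(name) if os.path.exists(name) else None
        if actual != expected:
            findings.append(("file", name, expected, actual))
    for name, expected in baseline["registry"].items():
        actual = registry_values.get(name)
        if actual != expected:
            findings.append(("registry", name, expected, actual))
    return findings


def demo():
    """Constructed scenario mirroring the post: baseline, then both tampers."""
    d = Path(tempfile.mkdtemp())
    cfg = d / "solid.xml"                      # constructed stand-in config
    cfg.write_text("<actions><copy src='a' dst='b'/></actions>")
    key = r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect"
    reg = {key: 1}                             # hardened value (constructed)
    base = build_baseline([cfg], reg)
    cfg.write_text("<actions><delete path='C:\\app\\data'/></actions>")
    tampered = {key: 0}                        # hardening switched off
    return diff_baseline(base, tampered)


if __name__ == "__main__":
    for kind, name, expected, actual in demo():
        print(f"{kind} drift: {name}: {expected!r} -> {actual!r}")
```

Run it on a schedule (or from a Solidifier updater task) against the real config paths and a winreg snapshot; any finding is a tamper to alert on, since the solidified baseline is supposed to be the only state those items ever have.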