Absolute Pwnage: A Short Paper about the Security Risks of Remote Administration Tools
نویسندگان
چکیده
Many IT departments use remote administration products to configure, monitor, and maintain the systems they manage. These tools can be beneficial in the right hands, but they can also be devastating if attackers exploit them to seize control of machines. As a case study, we analyze the security of a remote administration product called Absolute Manage. We find that the system’s communication protocol suffers from serious design flaws and fails to provide adequate integrity, confidentiality, or authentication. Attackers can exploit these vulnerabilities to issue unauthorized commands on client systems and execute arbitrary code with administrator privileges. These blatant vulnerabilities suggest that remote administration tools require increased scrutiny from the security community. We recommend that developers adopt defensive designs that limit the damage attackers can cause if they gain control.
منابع مشابه
A Study on Factors Affecting Operational Electronic Banking Risks in Iran Banking Industry (Case Study: Kermanshah Melli Bank)
Nowadays, advances in information and communication technologies, has provided an opportunity for banks to provide their electronic services to their customers in remote areas. This technological innovation by E–banking systems has brought about many benefits to customers while it has been accompanied by a number of risks including the operational ones. This risks need to be identified and mana...
متن کاملCompliance and Security Challenges with Remote Administration
Remote administration of IT systems is not a new concept. Over the years, many organizations have looked for ways to make systems administration and troubleshooting more efficient. Remote administration offers a cost-effective way to add systems management capabilities while reducing travel costs and minimizing downtime. There are many types of remote administration tools and methods available ...
متن کاملFPGA Implementation of JPEG and JPEG2000-Based Dynamic Partial Reconfiguration on SOC for Remote Sensing Satellite On-Board Processing
This paper presents the design procedure and implementation results of a proposed hardware which performs different satellite Image compressions using FPGA Xilinx board. First, the method is described and then VHDL code is written and synthesized by ISE software of Xilinx Company. The results show that it is easy and useful to design, develop and implement the hardware image compressor using ne...
متن کاملAnalyzing Tools and Algorithms for Privacy Protection and Data Security in Social Networks
The purpose of this research, is to study factors influencing privacy concerns about data security and protection on social network sites and its’ influence on self-disclosure. 100 articles about privacy protection, data security, information disclosure and Information leakage on social networks were studied. Models and algorithms types and their repetition in articles have been distinguished a...
متن کاملبررسی ورتبه بندی عوامل مؤثربرریسک عملیاتی بانکداری الکترونیکی در بانک مسکن (مطالعه موردی: شعب بانک مسکن در استان لرستان)
One of the essential tools for achieving the expansion of e-commerce is e-banking system. One of the major risks identified in the field of electronic banking, is operational risks. Accurate understanding of banks about the concept of operational risk to monitor and manage this specific category of risk effectively is vital. This study aimed to identify and rank the six factors, outsourcing, an...
متن کامل