I always find it enjoyable when system administrators make it annoyingly easy to circumvent their security measures. Typically, these would include the installation of software and such. Some things I've had left open on this school PC:
All of this could be prevented to a great extent with two items: a whitelist of programs and locking the boot sequence. I'm not sure of the feasibility of locking the boot, considering it seems that doing so would apply to any booting with the BIOSs I've seen.
It's amazing how stupid these guys who are put in charge of managing these computers can be. Any thoughts? I just finished making a new live USB on a new 16GB USB drive, so I shall reboot... or just shut down, given the time.
I'll likely be joining IRC from a mobile device, though.
- I can boot from external media. This was an amazing failure by the system administrators. The tablets contain no optical drive, but two USB ports and an SD card port are available for use, and the boot sequence is set to go directly to hard drive boot. However, one can simply press F9 (the boot selection menu for these), and select a USB drive or the SD card.
- I am not an administrator. It's not possible to install software. Well, okay, but many installers of various types can be extracted in some form or another. NSIS can easily be extracted with 7-zip, and I can use a program called Uniextract (Universal Extractor) for MSIs and such as well.
- Portable Apps. Everyone can use them, though there may be a few bits of data to remove.
All of this could be prevented to a great extent with two items: a whitelist of programs and locking the boot sequence. I'm not sure of the feasibility of locking the boot, considering it seems that doing so would apply to any booting with the BIOSs I've seen.
It's amazing how stupid these guys who are put in charge of managing these computers can be. Any thoughts? I just finished making a new live USB on a new 16GB USB drive, so I shall reboot... or just shut down, given the time.
I'll likely be joining IRC from a mobile device, though.