public instance security and abuse
11-04-2015, 02:20 AM
Post: #2
RE: public instance security and abuse
There's not really a lot you can do if you want to support older versions of IE (insecure by definition) and being able to drop a trojan doesn't require admin access. It's also why the first line in the docs for hosting a public instance is "EXPECT TO BE HACKED!".

Direct compromise shouldn't be possible since the machines require no inbound access and all traffic can be firewalled. Hacks will typically be a result of browsing malware pages (or ads).

There are things that can be done to help mitigate the issue but no way to completely prevent it given that by design we are browsing to any arbitrary page that users want us to visit. Some mitigations include:

- Public server blocks testing of URLs flagged by Google's safe browsing API
- Can run a lightweight antivirus on the test agent (Microsoft's tends to be the best as far as impact on system resources; I wouldn't recommend Norton, McAfee, AVG, Avast or any of the others that border on malware themselves)
- Can run the agent as a stateless VM and reset state periodically (nightly?). That would also reverse security updates though
- Only support the latest browser (IE 11, Firefox, Chrome)

If you know of specific agents with issues then please let me know and I can work with the partner running the location to re-image the test machine.

As far as rapid-fire tests go, that should be independent of the agents themselves as tests can only come through the central server. I maintain a blacklist of IPs and URLs that testing is blocked for because of abuse so usually they will only get a one-time benefit of a few page views before they are blocked from testing. It does happen but not all that often. At one point I had experimented with automatic rate limiting but that blocks a lot of valid use cases so it's a manual process right now.
Messages In This Thread
RE: public instance security and abuse - pmeenan - 11-04-2015 02:20 AM
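
The reply above describes two server-side controls: refusing URLs flagged by a reputation lookup, and a manually maintained list of blocked IPs and URLs applied at the central server. The sketch below is an added example, not part of the post and not the project's own code; every name in it (`check_submission`, `BLOCKED_NETS`, `BLOCKED_DOMAINS`, `flagged_by_threat_list`) is hypothetical, the list entries are constructed, and the reputation lookup is a local stand-in rather than a real Safe Browsing call.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: documentation address ranges and reserved .example names.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
BLOCKED_DOMAINS = {"abusive.example", "ads.tracker.example"}
FLAGGED_URLS = {"http://malware.example/dropper"}  # stand-in for a threat list


def flagged_by_threat_list(url):
    """Hypothetical hook: a real server would query its URL reputation service here."""
    return url in FLAGGED_URLS


def host_blocked(host):
    """True if the host or any parent domain of it is on the domain blocklist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def check_submission(client_ip, url, threat_lookup=flagged_by_threat_list):
    """Return (allowed, reason) for a test request arriving at the central server."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, "invalid client address"
    # Membership is False when address and network versions differ (v4 vs v6).
    if any(addr in net for net in BLOCKED_NETS):
        return False, "client IP blocked"
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unsupported URL"
    # Agents are browsers: only http(s) URLs with a host are testable.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "unsupported URL"
    if host_blocked(parts.hostname):
        return False, "URL host blocked"
    # Look up a normalized form so case or query-string changes do not dodge the list.
    normalized = f"{parts.scheme}://{parts.hostname}{parts.path or '/'}"
    if threat_lookup(normalized):
        return False, "URL flagged by threat list"
    return True, "ok"
```

The gate runs before a job is queued, so a blocked submitter or URL never reaches a test agent.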
