Doug Stewart on 12 Jul 2011 05:37:41 -0700



Re: [PLUG] "IT Security for Non-Dummies"?


Another layer to the system could well be a revision-controlled filesystem, in which SAs could run a VCS-style diff and see what files were changed and when. Expensive (performance-wise) and overkill for day-to-day operations, but it could be forensically invaluable.

--
Doug Stewart

On Jul 12, 2011, at 8:09 AM, Rich Freeman <r-plug@thefreemanclan.net> wrote:

> On Tue, Jul 12, 2011 at 7:29 AM, Floyd Johnson <fljohnson3@isp.com> wrote:
>> What are they doing so horribly wrong? (2) What should we be doing to
>> avoid replicating their mistakes?
> 
> Well, I'm not sure which breach you're referring to specifically, but
> I think the problem is that our whole security model is fundamentally
> unsuited to keeping determined attackers out.
> 
> The typical operating system is very permissive by default.  This
> makes administration much more convenient, but it makes security very
> difficult.  There is almost no defense in depth - once somebody is in,
> the game is over.  There is usually no provision on a typical system
> for verification of integrity, so once somebody is in, cleanup is very
> difficult.
> 
> To give an example, I'm a Gentoo developer.  Gentoo includes some
> support for SELinux, but it is fairly limited.  To truly support
> something like SELinux you need to have definitions/etc for every
> package on the system, since it is much more non-permissive by
> default.  Few people want to bother with that.  And I wouldn't say
> that SELinux itself is the ultimate solution.
> 
> Likewise, anybody can download and install tripwire.  However, if you
> update packages every day, then you need to update tripwire
> definitions every day.  How do you know that something bad won't slip
> in between updates?  And, how do you conveniently store those updates
> for a remotely-located server such that they don't get tampered with?
> 
> The only solution I can see is an OS with security that is fully
> integrated.  The OS includes defense in depth (non-permissive by
> default, tuned granular permissions per application, etc).  The OS
> includes tripwire-like functionality, with signed manifests/etc from
> the source (so instead of just scanning everything on your system you
> carefully manage a database of hashes, all signed by their sources).
> The OS utilizes commercially available hardware to support secure
> storage of hashes/etc - with some kind of mechanism to prevent
> tampering.  The system verifies itself during boot, or during every
> process load, etc.
> 
> The modern PC with TPM/etc actually supports much of this, and most of
> the components needed to make this work are available (but not
> integrated).  However, most people can't be bothered with it, and so
> nobody scratches that itch.  Which would you rather run - Ubuntu, or
> some Ubuntu clone with 5% of the packages but with security
> definitions for all of them?  Sure, 0.01% of the Linux community would
> like the latter, but they'll never be able to sustain the mass of
> developers needed to maintain it.
> 
> The problem with security is that poor security is usually good enough
> to get the job done.  So, there is little incentive to do better
> unless things get much worse...
> 
> Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
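As an added illustration (not code from either poster), this is the smallest form of what Doug's "VCS-style diff of the filesystem" and Rich's "tripwire-like functionality with signed manifests" both amount to: hash a tree into a manifest, sign the manifest so tampering with the baseline itself is detected before any comparison, then report added, removed and modified files. The HMAC key, the directory layout and the file contents are constructed for the demo; the thread's point that the hash database must be stored out of the attacker's reach (off-box, or in hardware) is assumed rather than solved here.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def snapshot(root):
    """Hash every regular file under root; keys are POSIX paths relative to root."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return manifest

def sign_manifest(manifest, key):
    """Canonical JSON plus an HMAC tag; the key must not live on the monitored host."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return {"body": body.decode(), "tag": hmac.new(key, body, "sha256").hexdigest()}

def verify_and_diff(signed, key, root):
    """Reject a tampered baseline first, then diff it against the live tree."""
    body = signed["body"].encode()
    expected = hmac.new(key, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected, signed["tag"]):
        raise ValueError("manifest tag mismatch: the stored baseline was altered")
    baseline, current = json.loads(body), snapshot(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
    }

def demo():
    """Constructed scenario: take a baseline, then edit, delete and add one file each."""
    key = b"constructed-demo-key-keep-it-off-box"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir(); (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0\n")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF-constructed")
        signed = sign_manifest(snapshot(root), key)
        # simulate drift between two runs, as the thread worries about
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "bin" / "ls").unlink()
        (root / "bin" / "sh").write_bytes(b"\x7fELF-new")
        diff = verify_and_diff(signed, key, root)
        # an attacker who edits the stored manifest is caught by the tag check
        forged = {"body": signed["body"] + " ", "tag": signed["tag"]}
        try:
            verify_and_diff(forged, key, root); forged_rejected = False
        except ValueError:
            forged_rejected = True
    return diff, forged_rejected
```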