Rich Freeman on 12 Jul 2011 05:56:28 -0700



Re: [PLUG] "IT Security for Non-Dummies"?


On Tue, Jul 12, 2011 at 8:37 AM, Doug Stewart <zamoose@gmail.com> wrote:
> Another layer to the system could well be a revision-controlled
> filesystem, in which SA's could run a VCS-style diff and see what files
> were changed and when. Expensive (performance-wise) and overkill for
> day-to-day operations, but it could be forensically invaluable.

Only if half the processes on the system don't run with privileges
capable of directly accessing the disk devices.  I checked and right
now my desktop has 153 processes running with UID=0, and any of those
could directly manipulate any filesystem on the disk.

And I'll ++ the suggestions to improve network security.  Again, we
put all our effort into border protection and have no protection
inside.  Just as any process running under my uid can hose any file in
my home directory regardless of need, any PC on my employer's network
can open connections to any other regardless of need.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
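The "153 processes running with UID=0" check above is easy to reproduce, and it is worth going one step further: a UID 0 process can only bypass filesystem permissions or write to the raw disk if it still holds the corresponding capabilities (CAP_DAC_OVERRIDE, CAP_SYS_RAWIO). The script below is an added example, not code from the thread; it assumes a Linux `/proc` layout (`Uid:` and `CapEff:` lines in `/proc/<pid>/status`, which are world-readable) and uses the capability bit numbers from the kernel's `capability.h`. It parses each process's status, counts how many run as root, and how many of those retain the capabilities that make a revision-controlled filesystem bypassable. The sample status bodies are constructed for illustration.

```python
#!/usr/bin/env python3
"""Count UID 0 processes and report which of them still hold the capabilities
that let them bypass filesystem permissions (CAP_DAC_OVERRIDE) or talk to
block devices directly (CAP_SYS_RAWIO). Assumes a Linux /proc layout."""
import os

# Capability bit numbers from include/uapi/linux/capability.h
CAP_DAC_OVERRIDE = 1
CAP_SYS_RAWIO = 17

# Constructed sample /proc/<pid>/status bodies (not captured from a real host)
SAMPLE_ROOT_FULL = "Name:\tinit\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
SAMPLE_ROOT_RESTRICTED = "Name:\tsvc\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n"
SAMPLE_USER = "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"


def parse_status(text):
    """Return (real_uid, effective_uid, cap_eff) from a /proc/<pid>/status body."""
    ruid = euid = None
    cap_eff = 0
    for line in text.splitlines():
        if line.startswith("Uid:"):
            parts = line.split()          # Uid: real effective saved fs
            ruid, euid = int(parts[1]), int(parts[2])
        elif line.startswith("CapEff:"):
            cap_eff = int(line.split()[1], 16)  # effective capability bitmask
    if euid is None:
        raise ValueError("no Uid: line in status body")
    return ruid, euid, cap_eff


def has_cap(cap_eff, bit):
    """True if capability number `bit` is set in the effective mask."""
    return bool((cap_eff >> bit) & 1)


def classify(text):
    """Describe whether a process is root and whether it can bypass the filesystem."""
    _ruid, euid, cap_eff = parse_status(text)
    return {
        "euid": euid,
        "root": euid == 0,
        "dac_override": has_cap(cap_eff, CAP_DAC_OVERRIDE),
        "raw_io": has_cap(cap_eff, CAP_SYS_RAWIO),
    }


def summarise(status_bodies):
    """Aggregate counts over an iterable of status bodies."""
    counts = {"total": 0, "root": 0, "root_dac_override": 0, "root_raw_io": 0}
    for body in status_bodies:
        try:
            info = classify(body)
        except ValueError:
            continue  # malformed body; skip rather than abort the audit
        counts["total"] += 1
        if info["root"]:
            counts["root"] += 1
            counts["root_dac_override"] += int(info["dac_override"])
            counts["root_raw_io"] += int(info["raw_io"])
    return counts


def iter_proc_status(proc="/proc"):
    """Yield the status body of every live process under /proc."""
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "status")) as f:
                yield f.read()
        except OSError:
            continue  # process exited between listdir and open


def audit_proc(proc="/proc"):
    """Run the audit against a live system; returns the same dict as summarise()."""
    return summarise(iter_proc_status(proc))


if __name__ == "__main__":
    c = audit_proc()
    print(f"{c['total']} processes, {c['root']} running as UID 0")
    print(f"  {c['root_dac_override']} of those keep CAP_DAC_OVERRIDE "
          f"(can ignore file permissions)")
    print(f"  {c['root_raw_io']} of those keep CAP_SYS_RAWIO "
          f"(can address the disk below the filesystem)")
```

The number of root processes that keep CAP_DAC_OVERRIDE and CAP_SYS_RAWIO is the real measure of how much a VCS-style filesystem diff can be trusted: a service whose unit file drops those capabilities cannot quietly rewrite the disk underneath the diff, while one with the full mask can.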