[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to block telnet access.



In <Pine.SUN.3.96-heb-2.07.990926205339.18979A-100000@actcom.co.il>, guy keren <choo@actcom.co.il> writes:

> On 26 Sep 1999, Adam Morrison wrote:
> 
> > The point being, again, that you probably can't rewrite you entire
> > system securely.  But you can implement and verify a few select
> > services.
> 
> you'll need to ba a super-programmer to be 100% sure that the code for the
> services you are running can NOT be exploited. unfortionatly, most sys
> admins are not super-programmers (or are not even programmers at all)...

I never said implementing strong security measures was trivial.
Luckily, such an effort doesn't have to be repeated.  In fact, it's
probably a good idea to not duplicate it; the notion that you have to
be a security expert to be connected to the Internet is silly.
(Sadly, it's more-or-less true nowadays, but it SHOULDN'T be true.)

To give an example, you don't need to know a lot to run OpenBSD.  But
the security people at OpenBSD do know what they're doing.  (Note that 
I'm NOT saying that OpenBSD is 100% secure.)

> and please stop telling me that you can "inspect and secure" it - you can,
> truly, but not to a 100% level.

Sorry, I disagree.  When something is properly designed and small
enough, it is quite possible.  (Like I noted earlier, these days
``properly designed'' probably means little reliance on vendor
libraries and other possibly insecure software.)

> > That works for the specific case of dealing with unlucky losers.  The
> > moment your attacker is either skilled, or just plain lucky
> > (i.e. manages to use the latest exploit in the small window of time
> > before you patch your system) then you've lost.  That's fine, but I
> > just wanted to pointed out that you can have something more reliable.
> 
> i think that you and Or are saying the exact same thing, Adam. both of you
> claim it is not possible to make a system 100% secure, and both of you
> agree that each percent counts, and that 95% or 50% is not the same thing.

I don't think so.  First, what I've been saying is that under a
certain threat model (which I established in a previous message), it
IS possible to make a system secure.

Second, I'm trying very hard NOT to use terms like ``95% secure''.
Partial security isn't.  In other words, I don't believe that 95% or
50% are ``not the same thing''.  They are.  Insecure.

> that's why the sain rule is "first decide how important is the system and
> its resources to you, and based on that decide how much effort to spend on
> securing it".

That's the economical side of the equation, not the technical side.

It's possible to architect a system to be secure against the certain
threats we're talking about.  It may very well be that you can't
afford to do so; that doesn't make it impossible.

=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il