Re: How to block telnet access.
On Sun, 26 Sep 1999, Adam Morrison wrote:
> > *every* computer connected to the net, or with users on it can be
> > compromised.
>
> That's misleading.
>
> For any security discussion not to become silly, the relevant threat model
> must be defined. The threat model in this case, as I see it, has one main
> assumption, namely that attacks will only be carried out over the Internet.
> Thus, we implicitly assume that the following are irrelevant:
>
> 1) Physical access. (This deals with all the armed guards related
> arguments.)
>
> 2) Specific identity and/or aggression of the attackers. (This
> deals with arguments like ``what if the CIA threatens to rape
> and kill all your kids unless you tell them the root password'').
>
Agreed. I don't believe that anyone raised those arguments here ...
> Given this, I do NOT agree that a system that is adequately protected from
> the network and has TRUSTED users ``can be compromised''.
>
> ``Adequately protected'', in this case, refers to allowing a very specific
> (and minimal) set of services to be reachable from the network. Because of
> their small numbers, they can be inspected and secured.
They can be inspected and secured?
Take SSH, for example. (I'm assuming that some form of outside login is
wanted. The main two alternatives are SSH and various OTP schemes (be it
S/Key, SecurID ...).) What about the recent Kerberos SSH hole? I'm not
aware of anyone exploiting it, but given sufficient time, trust someone to
find a hole.
>
> > the question is how hard is it. Assuming a decent OS, a decent sysadmin
> > (Keeping himself *very* updated with security alerts (Bugtraq advisories,
> > etc ... (I'd say cert, but cert hasn't been releasing anything worth
> > reading for quite some time)), and a good enough setup --- compromising
> > the security (even from the inside),
>
> The question in this case was specifically about ``from the inside''.
>
> So, in your scenario, what happens when someone exploits a newly announced
> problem before the admin manages to fix it?
>
> What happens when someone exploits a problem before it is even posted to
> bugtraq and friends? (You know, not everyone gets their information from
> bugtraq and the CERT. Especially hackers.)
>
Assuming sufficient skill on the intruder's part, there isn't much you can
do. There are precautions you can take to make things harder, and to help
you analyze things after the event happened (Tripwire and the like).
However, the basic issue here (IMHO) is this: compare the percentage of
people able to compromise the security of a vanilla RH5.0/Irix 5.3/<insert
favorite insecure OS here> from the inside with the percentage of people
able to compromise a secure OS, properly set up.
> > damage can be confined (Assuming you _do_ have other machines on your
> > network).
>
> Confined in what sense? It's generally accepted that once attackers gain
> root, you've lost. (Even if root is gained in a jail of some sort.)
I actually meant confined from the network point of view. Simple design
precautions -- separate critical services to ``System-only'' servers, and
don't let users on them (which is a good idea due to other issues as
well).
> So in other words, university computers are not secure. In real life, this
> usually leads to one of the following scenarios:
>
> 1) The university's network is Swiss cheese.
>
> 2) The university's admins are constantly fighting hacker-related
> fires.
>
> 3) The university enforces strict usage rules (e.g., no external
> logins) thus reducing the number of potential attackers.
>
From my experience, 1 & 2 usually happen, and furthermore --- in a
university setting, the sysadmin is quite limited in what he _can_
enforce.
-- Ors.
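The reply above points to Tripwire-style tools as the precaution that lets you analyze a machine after an event. The following is an added example, not code from the thread or from any of the posters, of what such a tool does at its core: record a baseline of hashes and permission bits for every file under a directory, then diff a later snapshot against it to report added, removed and modified paths. The directory tree, file names and contents it uses are constructed inline for the demo; the `demo()` scenario of one edited, one removed and one added file is an assumption made up for illustration.

```python
"""Minimal Tripwire-style file integrity baseline and comparison (added example)."""
import hashlib
import os
import stat
import tempfile

CHUNK = 64 * 1024


def hash_file(path):
    """SHA-256 of a regular file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record hash, permission bits and size for every file below root.

    Symlinks are recorded by their target rather than followed, so a link
    pointing outside the tree cannot make the baseline read arbitrary files.
    Paths are stored relative to root with '/' separators so baselines can
    be compared regardless of where the tree was mounted.
    """
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                baseline[rel] = {"link": os.readlink(full),
                                 "mode": stat.S_IMODE(st.st_mode)}
            elif stat.S_ISREG(st.st_mode):
                baseline[rel] = {"sha256": hash_file(full),
                                 "mode": stat.S_IMODE(st.st_mode),
                                 "size": st.st_size}
    return baseline


def compare(old, new):
    """Classify paths as added, removed or modified between two baselines."""
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(p for p in old_paths & new_paths if old[p] != new[p]),
    }


def write(path, text):
    with open(path, "w") as f:
        f.write(text)


def demo():
    """Constructed scenario: snapshot a tiny tree, change it, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        # Constructed sample files standing in for a small /etc.
        write(os.path.join(etc, "inetd.conf"), "# telnet disabled\n")
        write(os.path.join(etc, "passwd"), "root:x:0:0:root:/root:/bin/sh\n")
        baseline = build_baseline(root)

        # Drift after the snapshot: one file edited, one removed, one added.
        write(os.path.join(etc, "passwd"),
              "root:x:0:0:root:/root:/bin/sh\n"
              "guest:x:1000:1000::/home/guest:/bin/sh\n")
        os.remove(os.path.join(etc, "inetd.conf"))
        write(os.path.join(etc, "motd"), "welcome\n")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    report = demo()
    for kind in ("added", "removed", "modified"):
        for path in report[kind]:
            print(f"{kind:9s} {path}")
```

The check is only as trustworthy as the baseline: in practice the baseline file is written to read-only media or copied off the host before any users log in, because an intruder who can alter the files can just as easily regenerate the baseline to match them.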
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il