OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
FreeBSD Security Archives: Re: Real-time alarms

Re: Real-time alarms

Brett Glass (brettlariat.org)
Sun, 19 Sep 1999 18:11:52 -0600

At 01:33 PM 9/19/99 -0600, Nate Williams wrote:

>Email is trivial to forge

With strong encryption?

>and/or snarf,

Depends how it's done.

>and is not
>secure by any stretch of the imagination.

More strides have been made toward good security for e-mail than for
any other type of computer facility. Why? because e-mail is the thing
that people, overall, MOST want to be secure.

That's the reason why I suggest it. It's not always the ideal method
for secure notification, but the ways of authenticating and securing it
are better developed than for other methods. So, it may be the best bet,
at least to start.

>Case in point. Tripwire is *NOT* a breakin-avoidance system, it's a
>breakin-detection system. Breakin detection systems are at best poor
>and at worst useless, and so far no-one has found a way to make them any
>better. :(

Break-in detection systems work very well in the physical world, where --
as we all know -- it's ultimately possible to break into nearly
anything if you employ sufficient force or defeat a perimeter defense.
They're especially valuable in multi-layered security systems, where
they can detect a breach of an outer perimeter and report it before
an intruder can get through an inner perimeter.

I think they're a valuable asset in the virtual world, too, especially
if used in conjunction with multi-layered security. In BSD UNIX,
"securelevels," immutable files, etc. are the as-not-yet-perfected
inner layer.

--Brett

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

This archive was generated by hypermail 2.0b3 on Sun Sep 19 1999 - 19:11:10 CDT