[sf-lug] Cheswick and Bellovin's book

Rick Moen rick at linuxmafia.com
Thu Aug 16 17:43:37 PDT 2007


Also possibly helpful to Alex:

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

 Date: Thu, 16 Aug 2007 17:11:54 -0700
 To: debian-security at lists.debian.org
 From: Rick Moen <rick at linuxmafia.com>
 X-Mailing-List: <debian-security at lists.debian.org> archive/latest/21043
 Subject: Re: secure installation

Quoting R. W. Rodolico (rod at dailydata.net):

> Firewalls are for a stupidity shield. I had a situation where I was
> cracked on one of my servers a few years ago. It was totally my fault; I
> had a user I had mistakenly set up as an authorized ssh user who
> shouldn't have been. Their account was cracked, then the cracker got root
> access and installed a daemon that was ready to attack another server.
> 
> My firewall gave one yelp, the cracker realized what was going on and told
> the firewall to shut up, basically. However, I got that one yelp from the
> firewall, investigated, and fixed the issue.

One notes that a ruleset that merely logged (prominently) a suspicious
bit of network traffic that probably shouldn't exist would suffice.
Actual IP/port filtering is orthogonal.

A properly targeted file-based IDS would be very useful for that threat
model, too.

My perspective is influenced by the fact that all attempts to help
debug Linux networking failures have to start with "What does
/sbin/iptables -L, run as root, say?" and "What's in /etc/hosts.allow and
/etc/hosts.deny?" -- because people shooting at their pedal extremities
with those, without any idea what they're doing, is a leading cause of
networking problems.

--
Cheers,              English is essentially Plattdeutsch as spoken 
Rick Moen            by a Frisian pretending to be French.
rick at linuxmafia.com  -- Andreas Johansson, http://ccil.org/~cowan/essential.html

----- End forwarded message -----
----- Forwarded message from Russ Allbery <rra at debian.org> -----

 From: Russ Allbery <rra at debian.org>
 To: debian-security at lists.debian.org
 Organization: The Eyrie
 Date: Thu, 16 Aug 2007 17:17:21 -0700
 X-Mailing-List: <debian-security at lists.debian.org> archive/latest/21044
 Subject: Re: secure installation

Yes, exactly.

All computer security is a tradeoff between security and usability.
There's no way around that except in rare win-win situations.  If you add
more security, you reduce usability.  If you reduce usability too far,
people will make stupid security decisions out of frustration and you can
easily end up in a worse situation than if you hadn't tried to add
security in the first place.  (You get users trained to press Okay on
every security-related dialog box, for example.)

I think the average end user expects that, after they have installed a
package, that package will work as advertised.  If the act of installing
the package is dangerous, I think that's something that ideally should be
dealt with at the time of the installation decision, while the user is
thinking about it.  A debconf question asking the user if they really want
to listen to Avahi events on the local network, for example.  Letting the
package install but then rendering it partly non-functional with a
firewall that has to be changed somewhere else or that will pop up the
first time the user tries to use some bit of functionality (possibly weeks
later) strikes me as bad user interaction design.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>

----- End forwarded message -----
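
An added example, not part of either forwarded message: a small reader for the output of a log-only netfilter rule of the kind mentioned above, flagging new outbound connections a server is not expected to originate. The rule in the comment, the "NEW-OUT: " prefix, the EXPECTED policy and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed log-only rule feeding this script (nothing is dropped or rejected):
#   iptables -A OUTPUT -m conntrack --ctstate NEW -j LOG --log-prefix "NEW-OUT: "
PREFIX = "NEW-OUT: "  # hypothetical --log-prefix value
# Assumed policy: the only services this server should originate traffic to.
EXPECTED = {("UDP", 53), ("TCP", 53), ("UDP", 123), ("TCP", 25)}
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=VALUE pairs; bare flags (SYN, DF) are skipped

# Constructed sample kernel log lines (documentation addresses, not real traffic).
SAMPLE = [
    "Aug 16 17:02:11 www kernel: NEW-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 "
    "LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=UDP SPT=40112 DPT=53 LEN=51",
    "Aug 16 17:03:40 www kernel: NEW-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5150 DF PROTO=TCP SPT=51514 DPT=6667 "
    "WINDOW=5840 RES=0x00 SYN URGP=0",
    "Aug 16 17:03:43 www kernel: NEW-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5151 DF PROTO=TCP SPT=51515 DPT=6667 "
    "WINDOW=5840 RES=0x00 SYN URGP=0",
    "Aug 16 17:04:02 www sshd[812]: Accepted publickey for alice from 192.0.2.99",
]

def parse(line):
    """Return the KEY=VALUE fields of one LOG-target line, or None if not ours."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    return dict(FIELD.findall(rest))

def unexpected_outbound(lines):
    """Count logged new outbound flows whose (protocol, port) is not in EXPECTED."""
    hits = Counter()
    for line in lines:
        fields = parse(line)
        if not fields or "PROTO" not in fields or "DPT" not in fields:
            continue  # unrelated line, or a protocol without ports (e.g. ICMP)
        service = (fields["PROTO"], int(fields["DPT"]))
        if service not in EXPECTED:
            hits[(fields.get("DST"), *service)] += 1
    return hits

if __name__ == "__main__":
    for (dst, proto, port), n in unexpected_outbound(SAMPLE).items():
        print(f"unexpected outbound {proto}/{port} to {dst}: {n} new connection(s)")
```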
