Re: [fw-wiz] Mis-attribution - Re: How automate firewall tests



Thanks for this correction, especially as Crispin actually *does*
believe in positive security models, and MJR should know that by now :)
My main product (AppArmor <http://en.opensuse.org/AppArmor>) uses a
hybrid white list/black list model:

* Within the confinement policy for a single program it is white
  list (positive security model): each profile specifies what a
  program can do, and it can't do anything else.
* System-wide, it is black list (negative security model): we only
  confine specified programs and their offspring.

It seems obvious to me that positive security models are more secure,
and negative security models are easier to live with. So use positive
security models where you can, and negative security models where you
have to.

Crispin

Chris Blask wrote:
Sorry for the re-opening of old threads, but I just noticed that
Marcus incorrectly flamed Crispin for my words, and I hate for
someone else to be slapped in my stead. I can't find Crispin's
contact info, so someone please forward this to him with my apologies
for drawing fire in his direction.

At 09:29 AM 8/28/2006, Marcus J. Ranum wrote:

Crispin Cowan wrote: [CORRECTION - should be: "Chris Blask wrote:"]

Problem is, I don't believe in positive security models in the real world

That's OK. It doesn't matter whether you do or not. You can choose to
go around not believing in the laws of physics, either. But that doesn't
change the fact that "the bigger they come, the harder they hit."


The "laws of physics" analogy is more aptly applied to the "positive
security is the only answer" position, imho.

There is no doubt that, given infinite resources, a perfect security
implementation could be created. There is also no doubt that, given
infinite resources, a mouse's droppings could be accelerated past the
speed of light - it's just that the energy resources needed exceed
the energy content of the universe itself, so it's rather impractical.

This is the same set of arguments as "a perfect space shuttle cannot
be built, therefore man should abandon space flight" thread. The
fact that the Internet exists despite its imperfections - and in
existing it serves a myriad of positive purposes - is identical to
the fact that humans continue to explore space despite two
shuttle-loads of dead astronauts and wrecked hardware littering the
surface of Mars. Unless and until the financial resources can be
harnessed to pay the salaries of the hardware and software engineers
necessary to build - from the ground up - a network whose components
are *all* founded on security as the primary function, there will be
no single implementation of an information system that truly
satisfies the positive security model.


The state of the industry today is a direct result of the fact that a lot of
you don't "believe" in a positive security model, or "believe" that security
is something that can be negotiated as part of some mysterious balancing
act between "business needs" and "security requirements." What people
don't get is that the hackers don't give a rat's ass about where you choose
to establish your balance between fantasy and reality: all they need is one
hole and your balance is yesterday's fine dream and today's front page
news.


True enough. I suppose the difference being debated here is whether
it is worth doing anything at all, ever, or conversely whether we
should all throw our hands up and stomp off in righteously pompous indignation.

I can say for certain that every security product I have been
involved with - which therefore includes the security deployed on
more than half of all networks in the world - would simply not exist
if the costs involved had included the necessity of designing every
single component to the utmost security conceivable before shipping a
single unit. There could have been no use of Intel ethernet chips,
no re-use of any pre-existing code, no use of existing printed
circuit boards - and every device would have to cost more than the
net-worth of most customers' company and none would ever have been
deployed except at a few elite government or mega-corporation sites.


For the last 15 years we've been presented with a constant litany of
important agencies, sites, and systems that have been hacked into
because people don't believe that doing security right is practical. I'm
OK with that (it's not my problem!)(*) but I get really disgusted when
people publicly announce:
"I BELIEVE THE EARTH IS FLAT AND WILL CONTINUE TO KEEP
TRYING TO KEEP IT THAT WAY."


Sorry, I'm not sure which side you are arguing on. Is the above
shouted quote supposed to be my position, or conversely is it the "no
security can be deployed unless it costs $1,000,000 per site" argument?


C'mon, ["CHRIS" - Corrected 12/11/2006 - cb] - if you don't believe
in positive security models what's your alternative? "Kludge stuff
forever"? That's working just great.
"User education"? Fantastic. Stellar. "Risk management"? The
hackers love risk management. It's one thing to say you don't believe
but it's a hard position to hold when the stuff you DO appear to believe
in has obviously failed to work.


The Internet doesn't exist, then? Every network connected to it is
compromised every second of every day? Hackers have caused the
complete and irrecoverable collapse of all businesses, educational
activities, "grandmothers' knitting" email list...? Did I miss the news?

Yes, in fact, the current approach that is being used on the Internet
is "working just great". If you want to join forces with Microsoft
and build the perfect "Information Superhighway" before deploying a
single connection, you are welcome to (well, you actually have to
talk them back into that approach, since they gave up a decade
ago). In the meantime, us poor idiots including the entire
readership of this list will just keep failing in everything we do
because we are too stupid to realize that every single action we take
is misguided and useless and that our ill-conceived networks only
*appear* to be running seven days a week.


(* Well, it is, really. I mean, as a veteran, I know now that the VA
nicely published my personal information because of "practical"
"business needs" etc etc etc)


Since I don't believe that I can exist in the real world without
interacting with it, I'll save the hackers the energy and include my
personal information below. Now that that is out of the way, I can
focus on the hopeless pursuit of increasing the security of others
from where it happens to be right now in the real world to where I
would like it to be.

-chris


Chris Blask
Founder and CEO
Lofty Perch Inc

If you want to live in a world in which the computer is a panacea
rather than a plague, there are a few crucial things that must be
done. Do not leave the responsibility for the social impact of
computer applications in the hands of technicians. Insist on
individual, government, and corporate responsibility and liability
for the computer's effect on people. Recognize the computer as an
inanimate tool with enormous potential for either good or evil, the
choice of which is in the hands of men and women, not inanimate systems.

Our government is designed so that you are neither dependent on the
excellence of your leaders nor vulnerable to their failings; so too
should you be free of the men and women who make and run your computers.

- Stanley Rothman & Charles Mosmann: Computers and Society, 1976

1231 King Street West
Toronto, Ontario, Canada
M6G 1K3
Cell - +1 416 358 9885
Home - +1 705 766 1391


chris@xxxxxxxxxxxxxx

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Hack: adroit engineering solution to an unanticipated problem
Hacker: one who is adroit at pounding round pegs into square holes
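
The hybrid model described at the top of this message, sketched as a small decision function. This is an added example, not AppArmor code and not part of the original post; the profile table, the paths and the fnmatch-style globbing are constructed simplifications, and inheritance by descendants follows the message's "their offspring" wording.

```python
from fnmatch import fnmatchcase

# Constructed policy: program path -> allowlist of (path glob, permitted modes).
# Only programs named here are confined; everything else is left alone.
PROFILES = {
    "/usr/sbin/ntpd": [
        ("/etc/ntp.conf", "r"),
        ("/var/lib/ntp/*", "rw"),
    ],
}


def effective_profile(exec_chain):
    """Return the profile confining the last program in exec_chain, or None.

    exec_chain lists executables from the oldest ancestor to the current
    process. The first profiled program in the chain confines itself and
    every descendant (assumed inheritance); no profiled program means
    the process is unconfined by this layer.
    """
    for exe in exec_chain:
        if exe in PROFILES:
            return exe
    return None


def is_allowed(exec_chain, path, mode):
    """Decide one file access under the hybrid model."""
    profile = effective_profile(exec_chain)
    if profile is None:
        # Negative model system-wide: unlisted programs are not restricted
        # by this layer (ordinary file permissions are outside the sketch).
        return True
    # Positive model inside a profile: anything not granted is denied.
    return any(
        fnmatchcase(path, glob) and set(mode) <= set(perms)
        for glob, perms in PROFILES[profile]
    )


if __name__ == "__main__":
    ntpd = ["/sbin/init", "/usr/sbin/ntpd"]
    print(is_allowed(ntpd, "/etc/ntp.conf", "r"))            # granted by a rule
    print(is_allowed(ntpd + ["/bin/sh"], "/etc/shadow", "r"))  # child stays confined
    print(is_allowed(["/sbin/init", "/bin/sh"], "/etc/shadow", "r"))  # unconfined
```
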
