Re: comments on handbook chapter



On Thu, 07 Sep 2006 13:21:37 +0200
des@xxxxxx (Dag-Erling Smørgrav) wrote:

"Travis H." <solinym@xxxxxxxxx> writes:
``You do not want to overbuild your security or you will interfere
with the detection side, and detection is one of the single most
important aspects of any security mechanism. For example, it makes
little sense to set the schg flag (see chflags(1)) on every system
binary because while this may temporarily protect the binaries, it
prevents an attacker who has broken in from making an easily
detectable change that may result in your security mechanisms not
detecting the attacker at all.''

Uh? Since when do we have crap like that in the handbook? It should
be removed with extreme prejudice.


Grepping three of these lines, I cannot find it. Tell me Travis,
what URL did you read this from?

--
Tom Rhodes
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: comments on handbook chapter
    ... with the detection side, and detection is one of the single most ... important aspects of any security mechanism. ... I'm not clear on how anyone is interpreting that passage to suggest that unequal weight should be given to one side or the other (detection vs. prevention). ... In the extreme case where we take absolutely every possible preventative security measure, logically, the only attacks that can succeed are those that we didn't know about, that we did not foresee, and thus that we could not prevent against. ...
    (FreeBSD-Security)
  • Re: comments on handbook chapter
    ... with the detection side, and detection is one of the single most ... important aspects of any security mechanism. ... prevents an attacker who has broken in from making an easily ... Since when do we have crap like that in the handbook? ...
    (FreeBSD-Security)
  • Re: comments on handbook chapter
    ... Dag-Erling Smørgrav wrote: ... with the detection side, and detection is one of the single most ... important aspects of any security mechanism. ... prevents an attacker who has broken in from making an easily ...
    (FreeBSD-Security)
  • Re: all port scan attack notifications
    ... going to use something as simple and noisy as a regular port scan. ... IP will be rotated so you don't know it's the same attacker. ... detection time when that happens. ... investigation turn out to be from a companies mail server. ...
    (microsoft.public.isa)
  • Re: [Security] [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking
    ... attacker breaks into unprivileged user-space ... When running local kernel exploits, ... the difference is possible _detection_ via a silent alarm. ...
    (Linux-Kernel)