Re: comments on handbook chapter

From: Claude Buisson <cbuisson@xxxxxxxxx>
Date: Thu, 07 Sep 2006 15:02:03 +0200

Dag-Erling Smørgrav wrote:

"Travis H." <solinym@xxxxxxxxx> writes:
``You do not want to overbuild your security or you will interfere
with the detection side, and detection is one of the single most
important aspects of any security mechanism. For example, it makes
little sense to set the schg flag (see chflags(1)) on every system
binary because while this may temporarily protect the binaries, it
prevents an attacker who has broken in from making an easily
detectable change that may result in your security mechanisms not
detecting the attacker at all.''

Uh? Since when do we have crap like that in the handbook? It should
be removed with extreme prejudice.

DES

$FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.28 2000/03/25 00:19:02 jim Exp $

Claude Buisson

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

References:
- comments on handbook chapter
  - From: Travis H.
- Re: comments on handbook chapter
  - From: Dag-Erling Smørgrav

Prev by Date: Re: comments on handbook chapter
Next by Date: Re: comments on handbook chapter
Previous by thread: Re: comments on handbook chapter
Next by thread: Re: comments on handbook chapter
Index(es):
- Date
- Thread

Relevant Pages

Re: comments on handbook chapter
... with the detection side, and detection is one of the single most ... important aspects of any security mechanism. ... I'm not clear on how anyone is interpreting that passage to suggest that unequal weight should be given to one side or the other (detection vs. prevention). ... In the extreme case where we take absolutely every possible preventative security measure, logically, the only attacks that can succeed are those that we didn't know about, that we did not foresee, and thus that we could not prevent against. ...
(FreeBSD-Security)
Re: comments on handbook chapter
... des@xxxxxx (Dag-Erling Smørgrav) wrote: ... with the detection side, and detection is one of the single most ... important aspects of any security mechanism. ... prevents an attacker who has broken in from making an easily ...
(FreeBSD-Security)
Re: comments on handbook chapter
... with the detection side, and detection is one of the single most ... important aspects of any security mechanism. ... prevents an attacker who has broken in from making an easily ... Since when do we have crap like that in the handbook? ...
(FreeBSD-Security)
Re: all port scan attack notifications
... going to use something as simple and noisy as a regular port scan. ... IP will be rotated so you don't know it's the same attacker. ... detection time when that happens. ... investigation turn out to be from a companies mail server. ...
(microsoft.public.isa)
comments on handbook chapter
... ``You do not want to overbuild your security or you will interfere ... with the detection side, and detection is one of the single most ... prevents an attacker who has broken in from making an easily ... Another trick involves recompiling /bin/sh to check to see if it ...
(FreeBSD-Security)