Re: self authentication for sensors in ids ?

From: Stefano Zanero (stefano.zanero_at_ieee.org)
Date: 01/30/04

  • Next message: Bob Walder: "RE: Can Of Worms - Attack Mitigation Systems vs. Network IPS"
    Date: Fri, 30 Jan 2004 12:59:46 +0100
    To: focus-ids@securityfocus.com
    
    

    Michal Melewski wrote:

    > 2. If the IDS administrator is sure that the sensor hasn't been compromised, he gives
    > the sensor a password for his gpg key and activates it.

    How? A password of which key?

    > 3. When the sensor is active he can send alarms and each packet should be signed
    > and encrypted, and of course supplied with an md5 sum (or better sha1) of
    > the currently running code.

    And what is there to prevent an abuser from sending packets with the known
    good md5sum?

    > If an attacker managed to replace a sensor, the gpg signature wouldn't be valid

    Again: how is that possible? Where do you store the password? If it's
    in the running code on a compromised machine, it's not secure.

    Stefano
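
The two objections in this message, as an added example that is not part of the original thread: a console-side check that verifies a signature plus a self-reported code digest, run against four sensor states. HMAC-SHA256 from the Python standard library stands in for the gpg signature, and every name, key and byte string below is constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: two "builds" of the sensor code and a demo key.
GOOD_CODE = b"sensor build 1.0 (constructed sample bytes)"
MODIFIED_CODE = b"sensor build 1.0 plus changes (constructed sample bytes)"
KNOWN_GOOD_SHA1 = hashlib.sha1(GOOD_CODE).hexdigest()
SENSOR_KEY = b"constructed-demo-key"  # assumption: stands in for the unlocked gpg key


def sensor_alarm(running_code, key, text, report_honestly=True):
    """Build a signed alarm. The digest field is whatever the sender chooses to report."""
    if report_honestly:
        digest = hashlib.sha1(running_code).hexdigest()
    else:
        digest = KNOWN_GOOD_SHA1  # a fixed, publicly computable value
    body = json.dumps({"alarm": text, "code_sha1": digest}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


def console_accepts(body, tag, key=SENSOR_KEY):
    """Console check: valid signature AND reported digest equals the known-good one."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False
    return json.loads(body)["code_sha1"] == KNOWN_GOOD_SHA1


def demo():
    """Return the console's verdict for each sensor state."""
    return {
        # Untouched sensor: accepted, as intended.
        "honest_sensor": console_accepts(*sensor_alarm(GOOD_CODE, SENSOR_KEY, "scan")),
        # Sensor swapped for one that never had the key: signature fails.
        "replaced_sensor_no_key": console_accepts(
            *sensor_alarm(MODIFIED_CODE, b"not-the-key", "scan", report_honestly=False)),
        # Modified code that reports its real digest: rejected, but nothing forces this.
        "modified_code_honest_digest": console_accepts(
            *sensor_alarm(MODIFIED_CODE, SENSOR_KEY, "scan")),
        # Modified code on the host where the key is unlocked, reporting the
        # known-good digest: the console cannot tell it from the honest sensor.
        "modified_code_replayed_digest": console_accepts(
            *sensor_alarm(MODIFIED_CODE, SENSOR_KEY, "scan", report_honestly=False)),
    }


if __name__ == "__main__":
    for state, accepted in demo().items():
        print(f"{state}: {'accepted' if accepted else 'rejected'}")
```

The signature only shows that the sender holds the key, and the digest only shows what the sender chose to report; neither is measured by anything outside the running code.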
