Re: And another one just for fun!

From: Dave J (requiem_at_freeuk.com)
Date: 08/25/03

    Date: Mon, 25 Aug 2003 10:45:40 +0100
    
    

    In MsgID<1061742776.726467@nntp.cyberus.ca> inside of
    uk.comp.security, 'elsid' wrote:

    >> The server app is then in complete control of what can and cannot be
    >> done to the file. It can also maintain backups that mean the data can
    >> revert to its pre-attack state easily enough. Intelligent IDS style
    >> analysis of all transactions could also be implemented inside the
    >> server, with an auto shutdown on detection of anything too unusual.
    >
    >This still allows the root or super user of that system to access the file
    >in question using any tool they want. This is what you are trying to
    >prevent. An intruder gaining access via any number of means, including
    >logging onto the system with a valid password, gaining root privileges and
    >then accessing the data.

    Sorry, the element of my picture that I didn't mention was that the
    communication to the server should be via a non std filesharing route.
    The only communication between the two machines should be via the
    server application. No application no communication. At all.
    Personally, if the data wasn't too massive I'd consider a
    serial<->serial link.

    >In addition doing "detection of anything too
    >unusual" implies a statistical molding of some sort and that by definition
    >will allow an undetectable failure of the security to occur. However, using
    >an absolute rule prevents this.

    Hmm, my suggestion was like an absolute rule, but with subsequent
    filtering of all accesses that _pass_ the absolute rule. Only a
    thought anyhow, just wondered why it's not commonly done that way.

    -- 
    Dave Johnson - Requiem@freeuk.com
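
Added example, not part of the original post: a Python illustration of the ordering discussed in this thread, where the server application applies an absolute allow rule first and a volume filter with auto-shutdown runs only on requests that already passed it. The file name, operations, threshold and window are assumptions chosen for illustration.

```python
from collections import deque

# Stage 1 policy (assumed): the only operations the server app will ever perform.
ALLOWED = {("read", "ledger.dat"), ("append", "ledger.dat")}
MAX_PER_WINDOW = 5       # assumed threshold for "too unusual"
WINDOW_SECONDS = 10.0    # assumed sliding window


class Gate:
    def __init__(self):
        self.recent = deque()   # timestamps of requests that passed stage 1
        self.shutdown = False
        self.audit = []         # every decision is kept for later review

    def decide(self, ts, client, op, path):
        verdict = self._decide(ts, op, path)
        self.audit.append((ts, client, op, path, verdict))
        return verdict

    def _decide(self, ts, op, path):
        if self.shutdown:
            return "refused: server shut down"
        # Stage 1: absolute rule. Anything not explicitly allowed is denied,
        # however normal it looks; stage 2 can never override this.
        if (op, path) not in ALLOWED:
            return "denied: absolute rule"
        # Stage 2: filter only the accesses that passed stage 1.
        while self.recent and ts - self.recent[0] > WINDOW_SECONDS:
            self.recent.popleft()
        self.recent.append(ts)
        if len(self.recent) > MAX_PER_WINDOW:
            self.shutdown = True
            return "refused: unusual volume, shutting down"
        return "allowed"


def replay(requests):
    """Run (ts, client, op, path) tuples through a fresh gate."""
    gate = Gate()
    return [gate.decide(*r) for r in requests], gate


# Constructed sample traffic: one normal read, two requests outside the rule,
# a burst of permitted reads, then a late request after the shutdown.
SAMPLE = ([(0.0, "c1", "read", "ledger.dat"), (1.0, "c1", "delete", "ledger.dat"),
           (2.0, "c1", "read", "payroll.dat")]
          + [(3.0 + i * 0.1, "c1", "read", "ledger.dat") for i in range(6)]
          + [(60.0, "c1", "read", "ledger.dat")])

if __name__ == "__main__":
    for line in replay(SAMPLE)[1].audit:
        print(line)
```

A fault in the second stage can only refuse more requests; it cannot admit anything the first stage denies.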
    
