Re: Cryptography and Site Security: Please critique my security idea
From: Jim Grimmett (cssjwg@bath.ac.uk)
Date: 03/26/03
- Previous message: Sebastian Hoehn: "Re: Cryptography and Site Security: Please critique my security idea"
- In reply to: Robert Paris: "Cryptography and Site Security: Please critique my security idea"
- Next in thread: Robert Paris: "Re: Cryptography and Site Security: Please critique my security idea"
- Reply: Robert Paris: "Re: Cryptography and Site Security: Please critique my security idea"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jim Grimmett" <cssjwg@bath.ac.uk> Date: Wed, 26 Mar 2003 11:27:03 GMT
"Robert Paris" <rpjava@hotmail.com> wrote:
>
> 6. The public key for each user's private key is stored on an internal
> server that is inaccessible from the server and vice versa
> 7. When the application/web server is started up, the applciation is
> in a "turned off" state. This is because no public keys have been given
> to it. There is one page only that is accessible and it is locked to two
> IPs (both internal). This page allows an authenticated user to upload
> the public keys in to applciation memory. This must happen after every
> restart or the site is unusable.
Hmm. An interesting idea. However, if the server is compromised and
the user gains administrative access they should be able to gain access
to almost any area of the memory - rip out your keys and ftp them
somewhere.
It is _very hard_ to come up with bullet proof systems. The best you
can do is have a properly configured, and fully patched firewall and
a good set of procedures and to educate your users.
Don't let _anyone_ use methods of access that pass passwords around
in plain text (ftp, telnet, imap, etc). Check how strong your passwords
are regularly. Set up an checking scheme to see whether key binaries
have been compromised, etc.
For an extranet you may wish to tie the firewall down to go so far
as to only accept access from certain sites, and only if authenticated
with that site's certificates, make sure they are valid certs, etc.
However - what if one of _those_ sites is compromised.
I'm sure you can see, securing your server and coming up with a new
way of passing passwords around (which isn't really that new anyway)
won't help that much.
Cheers, Jim.
- Previous message: Sebastian Hoehn: "Re: Cryptography and Site Security: Please critique my security idea"
- In reply to: Robert Paris: "Cryptography and Site Security: Please critique my security idea"
- Next in thread: Robert Paris: "Re: Cryptography and Site Security: Please critique my security idea"
- Reply: Robert Paris: "Re: Cryptography and Site Security: Please critique my security idea"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
