IDS mailing list archives
Re: self authentication for sensors in ids ?
From: Michal Melewski <mike () pn66 poznan sdi tpnet pl>
Date: Fri, 30 Jan 2004 22:20:19 +0100
On Fri, Jan 30, 2004 at 12:59:46PM +0100, Stefano Zanero wrote:
Michal Melewski wrote:2. If IDS administrator is sure, that sensor hasn't been compromised he gives the sensor a password for his gpg key and activate it.How ? A password of which key ?
I meant a passphrase to activate a private gpg key. Private gpg key is used to sign a packet.
3. When sensor is active he can send alarms and each packet should be signed and encrypted, and of course supplied with a md5 sum (or better sha1) of currently running code.And what is there to prevent an abuser to send packets with the known good md5sum ?
A sign made by a private gpg key.
If attacker managed to replace a sensor, the gpg sign wouldn't be validAgain: how is that possible ? Where do you store the password ? If it's in the running code on a compromised machine, it's not secure.
Yes, i know it's the weak point, but still it's more secure then just accepting all packets coming from sensor. Reading a proces memmory is of course possible, but it's not so trivial. If anyone have a better idea how to make good authentication mechanism between sensor and a manager I would be glad to hear it.
Stefano
-- Michael "carstein" Melewski | "Humanistą był Kepler, był Liebnitz. carstein () poznan linux org pl | Człowiek definiujący humanizm jako mobile: 502 545 913 | brak umiejętności całkowania gpg: carstein.c.pl/carstein.txt | humanistą nie jest." --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- self authentication for sensors in ids ? Gaurav_Jindal (Jan 12)
- Re: self authentication for sensors in ids ? Martin Roesch (Jan 12)
- Re: self authentication for sensors in ids ? Stefano Zanero (Jan 12)
- Re: self authentication for sensors in ids ? Yoann Vandoorselaere (Jan 13)
- Re: self authentication for sensors in ids ? Michal Melewski (Jan 28)
- Re: self authentication for sensors in ids ? Stefano Zanero (Jan 30)
- Re: self authentication for sensors in ids ? Michal Melewski (Jan 30)
- Re: self authentication for sensors in ids ? Stefano Zanero (Jan 30)
- Re: self authentication for sensors in ids ? Martin Roesch (Jan 12)