Re: [NANOG] IOS rootkits

[Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org>]

On Sat, 17 May 2008 09:34:19 -0500
travis+ml-nanog () subspacefield org wrote:

> On Sat, May 17, 2008 at 04:47:02PM +0930, Matthew Moyle-Croft wrote:
> > I'm sure it'll be good for a number of security providers to hawk their 
> > wares.
> >
> > If the way of running this isn't out in the wild and it's actually 
> > dangerous then a pox on anyone who releases it, especially to gain 
> > publicity at the expensive of network operators sleep and well being.   
> > May you never find a reliable route ever again.
>
> I personally like Gadi's work, but not as much as I like getting my
> packets to their destination.  I personally don't quite understand why
> netops keep buying proprietary, closed technology for routers, but I'm
> not and have never been a netop so I'm sure there's good reasons.  To
> me it seems that if you need reliable router hardware, you can buy
> that from a vendor, but in theory I don't see why the software for
> routers couldn't be much more open.  When I can, I reflash my WAPs
> with DD-WRT, because at least then I understand the system (and you
> can't secure what you don't understand), but I am not saying that's
> much of a comparison.

Have you read and security validated every line of open code you're
running? Even if you've only read and security validated 99% of it,
you're still trusting that the other 1% doesn't have any
vulnerabilities in it.

Then again, even if you have audited every line of code, and it is
100% "secure", who's to say the compiler used to compile it is ... so you'll
have to audit that too.

"Reflections on Trusting Trust"
http://cm.bell-labs.com/who/ken/trust.html

And then, even if you trust your build environment because you've
audited it, who's to say that the CPU itself doesn't have a
vulnerability in its microcode (accidental or intentionally), or the
harddrive, or the TOE network card (that can probably establish TCP
connections completely transparent to the OS it's working fo) or the
keyboard doesn't have a built in key sniffer, inserted by the chip
manufacturer when the designers outsourced it. (The TOE card is an
interesting one - they'd commonly be used on high performance servers,
and typically those are holding or have access to the organisation's
most sensitive data ...)

So the only way you can be absolutely sure is to build everything or
audit everything yourself, from the transistor level up through the
layers OSI RM. And even then, you're battling your own human frailty -
how can you be sure you haven't missed something?

As the cliche goes, "If you want something done properly, you have to
do it yourself." If you can't do it (all) yourself, because you don't
have the time and the expertise, then inherently you have to place a
level of trust in other people.

Regards,
Mark.

-- 

        "Sheep are slow and tasty, and therefore must remain constantly
         alert."
                                   - Bruce Schneier, "Beyond Fear"

_______________________________________________
NANOG mailing list
NANOG () nanog org
http://mailman.nanog.org/mailman/listinfo/nanog