Dailydave mailing list archives
Re: mqsvc fun
From: robert () dyadsecurity com
Date: Tue, 12 Apr 2005 14:31:51 -0700
Dave Aitel(dave () immunitysec com)@Tue, Apr 12, 2005 at 03:35:45PM -0400:
Once you accept that 0day exists, you need to look into secondary layers of defense that actually work. Whining about the amount of exploit information available to the public is missing the point.
Secondary layers of defense that actually work? Surely you jest :) "The systems to which security enforcement mechanisms have been added, rather than built-in as fundamental design objectives, are not readily amenable to extensive analysis since they lack the requisite conceptual simplicity of a security kernel. This is because their TCB extends to cover much of the entire system. Hence, their degree of trustworthiness can best be ascertained only by obtaining test results. Since no test procedure for something as complex as a computer system can be truly exhaustive, there is always the possibility that a subsequent penetration attempt could succeed. It is for this reason that such systems must fall into the lower evaluation classes." "Layers of Defense" doesn't seem appropriate in a discussion about choosing technology that can provide the security mechanisms and assurances you require to process sensitive information. This is the mindset that needs to be changed in the industry if we're going to start providing valid products or services. Right now the "security industry" is selling cough medicine as a treatment for cancer. Simply stated, Windows is performing at the disclosed security level. First some quick terminology: TOE - The principal inputs to a CC evaluation are the Security Target, the set of evidence documentation about the product under evaluation, and the product itself (referred to as the Target of Evaluation or TOE). ST - The Security Target (ST) is the basis for the agreement between the product vendor, evaluators and certification agencies as to what security functionality the product (TOE) offers and the scope of the evaluation. The Security Target identifies, and refines as appropriate, a set of CC IT security and assurance requirements. It provides a definition of the TOE security functions claimed to meet the functional requirements and the assurance measures taken to meet the assurance requirements. The ST also addresses the organizational security policies with which the TOE must comply and the security aspects for the environment in which the TOE will be used. CAPP - Controlled Access Protection Profile - http://www.commoncriteriaportal.org/public/files/ppfiles/capp.pdf =-=-=-=-=-=-=-=-=-=-= Windows 2000 ST document: http://www.commoncriteriaportal.org/public/files/epfiles/CCEVS_VID402-ST.pdf The ST and TOE for this are consistant with CAPP. The Strength of Environment statement is: The evaluation of Windows 2000 provides a moderate level of independently assured security in a conventional TOE and is suitable for the environment specification in this ST. The assurance requirements and the minimum strength of function were chosen to be consistent with this goal and to be compliant with the Controlled Access Protection Profile (CAPP). The TOE assurance level is Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 and the TOE minimum strength of function is SOF-medium. Commentary: CAPP is a low bar to shoot for. It offers minimal security mechanisms. If you are processing sensitive information, it is advisable to choose a product that has a greater ability to protect your information. =-=-=-=-=-=-=-=-=-=-= Mac OSX: http://www.commoncriteriaportal.org/public/files/epfiles/ST_VID4012-ST.pdf Strength of Environment: Mac OS X provides a moderate level of independently assured security in a conventional TOE and is suitable for a cooperative non-hostile environment. The assurance requirements and the minimum strength of function were chosen to be consistent with this goal and to be compliant with the Controlled Access Protection Profile (CAPP). The TOE assurance level is Evaluation Assurance Level (EAL) 3 and the TOE minimum strength of function is SOF-medium. Commentary: I like this Strength of Environment statement. It is honest and consistant with the CAPP goals they were shooting for. OSX and Windows are essentially providing an equivilant level of security mechanisms as prescribed by the CAPP protection profile. =-=-=-=-=-=-=-=-=-=-= Trusted Solaris 8 http://www.commoncriteriaportal.org/public/files/epfiles/TSolaris8_Issue3.1.pdf The Trusted Solaris protection profile's include: http://www.commoncriteriaportal.org/public/files/ppfiles/capp.pdf http://www.commoncriteriaportal.org/public/files/ppfiles/lspp.pdf http://www.commoncriteriaportal.org/public/files/ppfiles/RBAC_987.pdf Intended Use: Trusted Solaris 8 4/01 is intended for use in organisations who need to safeguard sensitive information (e.g., organisations concerned with processing commercially sensitive or classified information) and who require security features unavailable in standard commercial operating environments. Commentary: If you have sensitive information, it would be wise to choose technology that was designed to be able to protect it. Robert -- Robert E. Lee CEO, Dyad Security, Inc. W - http://www.dyadsecurity.com E - robert () dyadsecurity com M - (949) 394-2033 _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- mqsvc fun Dave Aitel (Apr 12)
- Re: mqsvc fun robert (Apr 12)
- Re: mqsvc fun Gadi Evron (Apr 12)
- <Possible follow-ups>
- RE: mqsvc fun Maynor, David (ISS Atlanta) (Apr 12)
- David Maynor - You're my hero. robert (Apr 12)