Dailydave mailing list archives

Re: Media Excitement!


From: Cody Hatch <bytejump () gmail com>
Date: Thu, 21 Apr 2005 20:16:24 +0000

I've lurked long enough and need to participate rather than be a leech.

<exasperation>
Where do we go from here, though? Why aren't solutions such as PaX,
grsecurity, systrace, etc. finding their way into commercial operating
systems? Where is the hold-up? Customers certainly don't enjoy the
patch-as-you-go model, but where are the commercial operating systems
and solutions that make use of such proactive security measures?

Cobbling together a solution that includes these things can be done,
but finds itself on thin ice in an enterprise environment needing
executive buy-off and enterprise-level manageability.

RedHat has ExecShield, which is at least an attempt, but why are we
moving in such a slow fashion? Where is everyone else? Cisco Security
Agent makes an attempt, but isn't enough. What's the hold-up?
</exasperation>

Thanks,
Cody



Patches are necessary.  Holes need to be plugged.  However, if the
systems have adequate security mechanisms in place the rush to patch
would not be as time critical.  A security bug in a running software
module should not lead to a total compromise of the system.

We have been trying (unsuccessfully) to fit a square peg into a round
hole.  CAPP/DAC systems are not meant to stand up to directed malice.
Without a policy, you cannot have a policy violation.  Without a
full-time, fine-grained, mandatory enforced policy (reference monitor
concept), you might as well not have a policy at all.  Where there is
discretion, there is the potential for violation of the non-enforced
policy.  You cannot model a non-enforced policy.

Also, adding mechanisms after the fact to a faulty security base is
invalid.  Building a castle on a foundation of quicksand isn't wise.
But that's what we do.  I guess that's what customers are demanding...
the whole practice just seems odd.

"What we have here is a failure to communicate" :).

What I mean to say is, "Defence in Depth" works.  We use at least 7
firewalls from 4 different vendors (gateway and host based).  Two host
level anti-virus and a gold corporate edition gateway anti-virus
program.  Also our IPS makes us immune to all attacks (known and
unknown). .....

Damn it, why does my website now say:
"Hacked by chinese!"

Robert

--
Robert E. Lee
CEO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
