Full Disclosure mailing list archives
Re: Gates: 'You don't need perfect code' for good security
From: "Dave Howe" <DaveHowe () cmn sharp-uk co uk>
Date: Tue, 4 Nov 2003 15:59:19 -0000
The SQL server doesn't have to be accessible to the Internet. It only has to be accessible to those machines authorized to do authentication lookups.
True enough.
There's reasons why 'best practices' call for a physically separate management network....
Unfortunately, this isn't an example of one. It can be considered logically isolated (in that you must compromise the internet-facing box before you can begin to attack the database) but there have been examples before of worms that used one vunerability (bind, I think, for the example I can recall most clearly, so fairly cross-platform) to get to a point where more intrusive scanning (for vulnerable wintel boxes, again IIRC) could take place without the firewall raising the alarm. A slightly better scenario is to recognise that all connections between the internet and an internal (dmz or shielded lan) host, and indeed from a DMZ host to either shielded lan or internet, have both a passive and an active end (this is familar enough to all firewall admins, and indeed anyone who has had to work out how to get ftp to work :) Any system where the "valuable" machine is the passive end of a tcp/ip link is at least theoretically (and in too many cases actually) vulnerable. Unfortunately, making the active end the internal host often means resorting to polling (internal host connects regularly and pulls queries from a passive "external" host, then pushes results back) which is both inherently inefficient (given the vast majority of polls result in "no work to do") and high-latency (incoming queries are processed, not when received, but when polled for; assuming a five second polling cycle and a one second "processing" latency - to do with file locking and making the query available to incoming polls - you have a worst case delay of six seconds *on top of* the time taken to actually transfer the query and process it.) physically separate management networks are inherently hard to set up - in the ideal case, they consist of a single (direct) connection between the management station and each managed machine, so no managed machine can possibly contact another using that network and the management station can only talk to managed servers, not the lan or under any circumstances the internet. In practice, this becomes unworkable above a few dozen (the limit of a cost-justified switch to handle that many vlans and combine them to a single host, plus of course for the host to have that many virtual interfaces, ignoring any possible attacks on the switch or the management station) and usually the best you can hope for is an out-of-band administration channel, and a (physical) switch for when you aren't using it :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Gates: 'You don't need perfect code' for good security, (continued)
- Re: Gates: 'You don't need perfect code' for good security William Warren (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Matthew Murphy (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Matthew Murphy (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security George Capehart (Nov 03)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 03)
- Re: Gates: 'You don't need perfect code' for good security George Capehart (Nov 03)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 04)
- Re: Gates: 'You don't need perfect code' for good security Valdis . Kletnieks (Nov 04)
- Re: Gates: 'You don't need perfect code' for good security Dave Howe (Nov 04)
- Re: Gates: 'You don't need perfect code' for good security George Capehart (Nov 04)
- Re: Gates: 'You don't need perfect code' for good security William Warren (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Nick FitzGerald (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Valdis . Kletnieks (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Frank Knobbe (Nov 02)
- Re: Gates: 'You don't need perfect code' forgood security Lan Guy (Nov 03)
- Re: Gates: 'You don't need perfect code' for good security Nick FitzGerald (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Darren Reed (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Cedric Blancher (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Valdis . Kletnieks (Nov 03)