Secure Coding mailing list archives

Re: Installation and setup of secure applications


From: Damir Rajnovic <gaus () cisco com>
Date: Wed, 21 Jan 2004 14:24:09 +0000

On Tue, Jan 20, 2004 at 12:27:08PM -0500, Jean-Francois Poirier wrote:
> I would say definitely enormous.  If developers are not actually
> installing the software themselves (as is the case sometimes in smaller
> custom development projects), they should at least be part of the

Hear! Hear! This is something that needs to be done. Developers must
be aware, to the maximum possible extent, how and where their application
will be used. They also must do initial testing in a "representative
model of user's environment". In some cases that is not easy to do since
that environment is very diverse. But they still need to try. That
diversity does not absolve them from anything.

On Tue, Jan 20, 2004 at 09:52:19AM -0800, [EMAIL PROTECTED] wrote:
> I believe here is where we actually start to see a distinction between
> *product* security and *application* security. For instance, if the

While I think that I can see what you are saying I have some problems
with this. The product will probably consist of several applications
that are co-operating. If one application is misbehaving it may take
down security of the whole product. On the other hand, every application
being secure does not translate into the product being secure. While
an individual and isolated application may be secure, it may not be so
when interacting with other applications.

My personal view is that each part must be made as secure as possible
by itself and then look at the whole system and try to find what else
needs to be done to secure the whole system.

On Tue, Jan 20, 2004 at 09:52:19AM -0800, [EMAIL PROTECTED] wrote:
> In application security (versus product security), we are producing
> applications that will most likely reside on systems that are configured
> in any number of ways. That is, dependency on the OS will not produce
> dependable results. If we produce an application that will work on any

But we can determine and fix what our requirements on the OS are.
We can select some services from the OS and use them in our application
and all the rest will be handled by the application. Like, we can choose to
rely on the OS to enforce file security. If we feel that this is not
adequate we can demand that our application is given a raw partition
and do things ourselves. We can also choose not to use functions provided
by the OS if they cannot be depended upon. So, my point is, developers do
have a choice. They cannot know each and every possible environment
the product/application will be used in but they can set requirements on
the environment and provide security as long as these requirements
are met. If we are not sure that the environment can meet them then we
can consider controlling these parameters ourselves.

Gaus

==============
Damir Rajnovic <[EMAIL PROTECTED]>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/go/psirt>      Telephone: +44 7715 546 033
200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GB, GB
==============
There are no insolvable problems. 
The question is can you accept the solution? 
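
The point in the message's last paragraph, that an application relying on the OS to enforce file security can state that requirement and verify it before proceeding, shown as an added example that is not part of the original e-mail. The function name, the specific POSIX ownership and permission rules, and the sample files are assumptions made for illustration.

```python
import os
import stat
import tempfile

def check_private_file(path, uid=None):
    """Return the unmet requirements for a file the application expects
    the OS to protect; an empty list means the requirements hold."""
    uid = os.getuid() if uid is None else uid
    problems = []
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at path
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    if st.st_uid != uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path}: accessible by group or others")
    # The containing directory must not let other users replace the file.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    writable_by_others = pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if writable_by_others and not pst.st_mode & stat.S_ISVTX:
        problems.append(f"{parent}: writable by group or others without sticky bit")
    return problems

def demo():
    """Constructed sample: one file meeting the requirements, one not."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)
        good = os.path.join(d, "secret.key")
        bad = os.path.join(d, "loose.key")
        for p, mode in ((good, 0o600), (bad, 0o644)):
            with open(p, "w") as f:
                f.write("constructed sample\n")
            os.chmod(p, mode)
        return check_private_file(good), check_private_file(bad)

if __name__ == "__main__":
    for result in demo():
        print(result or "requirements met")
```

An application would run such a check at startup and refuse to continue, or fall back to protecting the data itself, when the list is not empty.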







