Secure Coding mailing list archives

Re: virtual server - IPS

From: "Paco Hope" <bhope () cigital com>
Date: Wed, 31 Mar 2004 23:24:10 +0100

On 3/31/04 10:05 AM, "Jeremy Epstein" <[EMAIL PROTECTED]> wrote:

You might also consider one of the IPS products (e.g., Okena/Cisco,
Entercept/NAI, or PlatformLogic), all of which will allow you to constrain
what happens.... and may be somewhat more scalable than VMware if you need
to run a bunch of instances of the virtual environment.


This answer decidedly beyond the scope of "secure coding."  IPSes don't even
run on the host with the code. IPS systems are so far removed from the
actual host that they have no context on which to base decisions about
custom code. The OS can't stop bad programmers from shooting themselves in
the foot. It can at least apply a few limits to the damage when they do.

The original question was "how can I limit one user's ability to interfere
with other users on the box?"  An answer that takes the box offline when bad
stuff happens is probably not the answer he was hoping for.  It's a
host-based question, and the network is not the right place to solve it.

Paco
-- 
Paco Hope, CISSP
Senior Software Security Consultant
Cigital, Inc. http://www.cigital.com/
[EMAIL PROTECTED] -- +1.703.404.5769



----------------------------------------------------------------------------
This electronic message transmission contains information that may be
confidential or privileged.  The information contained herein is intended
solely for the recipient and use by any other party is not authorized.  If
you are not the intended recipient (or otherwise authorized to receive this
message by the intended recipient), any disclosure, copying, distribution or
use of the contents of the information is prohibited.  If you have received
this electronic message transmission in error, please contact the sender by
reply email and delete all copies of this message.  Cigital, Inc. accepts no
responsibility for any loss or damage resulting directly or indirectly from
the use of this email or its contents.
Thank You.
----------------------------------------------------------------------------

Current thread:

virtual server - security Serban Gh. Ghita (Mar 30)
- Re: virtual server - security Scott Nemec (Mar 30)
- RE: virtual server - security Dave Paris (Mar 31)
  - RE: virtual server - security jnf (Mar 31)
    - RE: virtual server - security Dave Paris (Mar 31)
  - Re: virtual server - use jail(8) on FreeBSD Paco Hope (Mar 31)
- Re: virtual server - security Fernando Schapachnik (Mar 31)
- Re: virtual server - security Louis Solomon [SteelBytes] (Mar 31)
- Re: virtual server - security Frank Peters (Mar 31)
- <Possible follow-ups>
- RE: virtual server - security Jeremy Epstein (Mar 31)
  - Re: virtual server - IPS Paco Hope (Mar 31)