Secure Coding mailing list archives
Re: virtual server - IPS
From: "Paco Hope" <bhope () cigital com>
Date: Wed, 31 Mar 2004 23:24:10 +0100
On 3/31/04 10:05 AM, "Jeremy Epstein" <[EMAIL PROTECTED]> wrote:
You might also consider one of the IPS products (e.g., Okena/Cisco, Entercept/NAI, or PlatformLogic), all of which will allow you to constrain what happens.... and may be somewhat more scalable than VMware if you need to run a bunch of instances of the virtual environment.
This answer decidedly beyond the scope of "secure coding." IPSes don't even run on the host with the code. IPS systems are so far removed from the actual host that they have no context on which to base decisions about custom code. The OS can't stop bad programmers from shooting themselves in the foot. It can at least apply a few limits to the damage when they do. The original question was "how can I limit one user's ability to interfere with other users on the box?" An answer that takes the box offline when bad stuff happens is probably not the answer he was hoping for. It's a host-based question, and the network is not the right place to solve it. Paco -- Paco Hope, CISSP Senior Software Security Consultant Cigital, Inc. http://www.cigital.com/ [EMAIL PROTECTED] -- +1.703.404.5769 ---------------------------------------------------------------------------- This electronic message transmission contains information that may be confidential or privileged. The information contained herein is intended solely for the recipient and use by any other party is not authorized. If you are not the intended recipient (or otherwise authorized to receive this message by the intended recipient), any disclosure, copying, distribution or use of the contents of the information is prohibited. If you have received this electronic message transmission in error, please contact the sender by reply email and delete all copies of this message. Cigital, Inc. accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this email or its contents. Thank You. ----------------------------------------------------------------------------
Current thread:
- virtual server - security Serban Gh. Ghita (Mar 30)
- Re: virtual server - security Scott Nemec (Mar 30)
- RE: virtual server - security Dave Paris (Mar 31)
- RE: virtual server - security jnf (Mar 31)
- RE: virtual server - security Dave Paris (Mar 31)
- Re: virtual server - use jail(8) on FreeBSD Paco Hope (Mar 31)
- RE: virtual server - security jnf (Mar 31)
- Re: virtual server - security Fernando Schapachnik (Mar 31)
- Re: virtual server - security Louis Solomon [SteelBytes] (Mar 31)
- Re: virtual server - security Frank Peters (Mar 31)
- <Possible follow-ups>
- RE: virtual server - security Jeremy Epstein (Mar 31)
- Re: virtual server - IPS Paco Hope (Mar 31)