Secure Coding mailing list archives

RE: virtual server - IPS


From: Jeremy Epstein <jeremy.epstein () webmethods com>
Date: Thu, 01 Apr 2004 17:01:46 +0100

Not to digress too far, but...

On 3/31/04 10:05 AM, "Jeremy Epstein" 
<[EMAIL PROTECTED]> wrote:
You might also consider one of the IPS products (e.g., Okena/Cisco,
Entercept/NAI, or PlatformLogic), all of which will allow you to constrain
what happens.... and may be somewhat more scalable than VMware if you need
to run a bunch of instances of the virtual environment.

Paco Hope responded: 
This answer is decidedly beyond the scope of "secure coding."  IPSes don't
even run on the host with the code. IPS systems are so far removed from the
actual host that they have no context on which to base decisions about
custom code. The OS can't stop bad programmers from shooting themselves in
the foot. It can at least apply a few limits to the damage when they do.

There are different kinds of IPSs (unfortunately, the term is massively
overloaded).  The types I listed run on the host with the code, in between
the OS and the application.  And they *do* have the context to base
decisions on...  I'm most familiar with PlatformLogic, which provides a very
sophisticated policy language that allows you to specify for every program
exactly what it can do (e.g., what files it can access in what modes, what
ports it can use, what IP addresses), as well as privileged systems calls,
etc.  It's ideally suited to constraining virtual servers.

Yes, there are IPSs that are running on the network (e.g., as a network
filter), but those are more network IPSs (as opposed to host IPSs), to
borrow terminology from the IDS world.

The original question was "how can I limit one user's ability to interfere
with other users on the box?"  An answer that takes the box offline when bad
stuff happens is probably not the answer he was hoping for.  It's a
host-based question, and the network is not the right place to solve it.

I agree.  The solution I propose does not take the box offline; depending on
how the IPS is configured, it would either disallow the particular
operation, or shut down that virtual server (without affecting other virtual
servers).

--Jeremy
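As an added illustration, not code from the thread or from PlatformLogic (whose policy language is not shown here), the following Python sketch models the per-program host-IPS policy the message describes (files and modes, ports, addresses, privileged syscalls) together with the two response modes mentioned at the end: deny the single operation, or shut down only that virtual server. The policy, the operation trace and the "halt" mode name are constructed assumptions.

```python
"""Toy host-IPS policy check modelled on the per-program confinement
described in the thread. Policy and trace below are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class ProgramPolicy:
    files: dict = field(default_factory=dict)     # path prefix -> allowed modes
    ports: set = field(default_factory=set)       # ports the program may use
    networks: list = field(default_factory=list)  # ip_network peers it may reach
    syscalls: set = field(default_factory=set)    # privileged syscalls allowed
    on_violation: str = "deny"                    # "deny" the op, or "halt" the vserver


def allowed(policy, op):
    """Decide one recorded operation against the program's allow-list."""
    kind = op["kind"]
    if kind == "file":
        return any(op["path"].startswith(prefix) and op["mode"] in modes
                   for prefix, modes in policy.files.items())
    if kind == "port":
        return op["port"] in policy.ports
    if kind == "connect":
        return any(ip_address(op["ip"]) in net for net in policy.networks)
    if kind == "syscall":
        return op["name"] in policy.syscalls
    return False  # unknown operation kinds are never allowed


def enforce(policy, ops):
    """Return (per-op decisions, whether the virtual server is still running)."""
    decisions, running = [], True
    for op in ops:
        if not running:                 # vserver already halted: op never executes
            decisions.append("not-run")
        elif allowed(policy, op):
            decisions.append("allow")
        elif policy.on_violation == "halt":
            decisions.append("halt")    # stop this vserver only; others unaffected
            running = False
        else:
            decisions.append("deny")    # block just this operation, keep running
    return decisions, running


# Constructed policy for one virtual web server on a shared box.
WEB_POLICY = ProgramPolicy(
    files={"/srv/vhost1/": {"r"}, "/var/log/vhost1/": {"w", "a"}},
    ports={80, 443}, networks=[ip_network("10.0.0.0/8")],
    syscalls={"bind", "listen"})

# Constructed trace: the last two ops touch another user's data and a
# privileged call the web server has no reason to make.
TRACE = [
    {"kind": "file", "path": "/srv/vhost1/index.html", "mode": "r"},
    {"kind": "port", "port": 443},
    {"kind": "connect", "ip": "10.1.2.3"},
    {"kind": "file", "path": "/srv/vhost2/secrets.txt", "mode": "r"},
    {"kind": "syscall", "name": "mount"},
]
```

Running `enforce(WEB_POLICY, TRACE)` denies the last two operations and keeps the virtual server up; with `on_violation="halt"` the first violation stops that server and the remaining operation never runs.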
