This is a discussion on "Anybody interested in building an absolutely secure linux system?" within the Linux Security forums, part of the System Security and Security Related category.
Hi there,

I am looking for people interested in cooperating with me for a project to build a strictly unbreakable linux system.

Maybe you have seen my announcements of sysmask (http://wims.unice.fr/sysmask/doc/) and its demo challenge (http://wims.unice.fr/wims/wims.cgi?m...nice/challenge). Sysmask is only the first step in the project. It protects the system in the case when a network daemon is compromised. However, sysmask alone is not enough, for the network service assured by the daemon is still disturbed by the attack, and in some cases (such as sshd) the consequence is still important.

So the next step is to develop vulnerability-tolerant network daemons, whose services will not be interrupted even if a vulnerability in the daemon software is exploited, and even if arbitrary code is executed due to that.

Skeptical? This is now easily realisable. And the idea is very simple: you just have to let each network connection be served by a separate process of the daemon. This process has all its system access rights restricted by sysmask so that it can do no harm to anything else except to the assigned connection. So if the process is compromised, the consequence is limited to the connection of the attacker himself.

Otherwise, the ever-living daemon itself is nothing more than a port listener and a process dispatcher. It prohibits itself from reading the network requests (the reading is done by the child processes), so that specially crafted requests cannot compromise it.

My first target is sshd. In the meantime, we should deny access to /etc/shadow and the site private key to the daemon, moving authentication to a well-shielded system login daemon. The latter can now implement more intelligent algorithms to make cracking by exhaustion impossible, so that even easily rememberable passwords will become more secure than today's "secure" passwords em%4G*^z.

Details will be explained to people interested in doing something in this project: please write to me directly at xiao@unice.fr, with the word "sysmask" in your message.
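The dispatcher/worker split described in the post above, as an added sketch in C; it is not part of the original post and is not sysmask code. `PR_SET_NO_NEW_PRIVS` and a zero `RLIMIT_NOFILE` are assumed stand-ins for the sysmask restrictions, whose interface the post does not show, and the echo service, the `!` crash trigger and the socketpair harness are constructed for the demo.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Worker: the only code that ever reads attacker-controlled bytes. */
static void worker(int conn) {
    struct rlimit none = {0, 0};
    prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); /* assumption: stand-ins for sysmask; */
    setrlimit(RLIMIT_NOFILE, &none);        /* no new privileges, no new files/sockets */
    char req[64]; ssize_t n = read(conn, req, sizeof req);
    if (n <= 0) _exit(1);
    if (req[0] == '!') abort();             /* constructed stand-in for a parser crash */
    _exit(write(conn, req, (size_t)n) == n ? 0 : 1); /* the "service": echo */
}

/* Dispatcher: forks one worker per connection and never reads from it. Returns the
 * worker's exit code or -signal; it waits only so the demo can report the result. */
int dispatch(int conn) {
    pid_t pid = fork();
    if (pid == 0) worker(conn);             /* does not return */
    close(conn);                            /* parent drops its copy unread */
    int st;
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1000;
    return WIFSIGNALED(st) ? -WTERMSIG(st) : WEXITSTATUS(st);
}

/* Demo harness: a socketpair stands in for an accepted TCP connection. */
int demo(const char *request, char *reply, size_t cap, int *status) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (write(sv[0], request, strlen(request)) < 0) return -1;
    *status = dispatch(sv[1]);
    int n = (int)read(sv[0], reply, cap);   /* 0: worker died without replying */
    close(sv[0]);
    return n;
}

int main(void) {
    char out[64]; int s1, s2;
    int n1 = demo("!crash", out, sizeof out, &s1); /* crafted request kills its worker */
    int n2 = demo("hello", out, sizeof out, &s2);  /* the next client is still served */
    printf("crash: status %d, %d bytes; next: status %d, reply %.*s\n", s1, n1, s2, n2, out);
    return 0;
}
```

A privileged process can raise its own resource limits again, so these two calls only approximate the kernel-enforced confinement the post attributes to sysmask.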

"azuredu" <xiao@unice.fr> wrote in news:1114766396.899265.248610@f14g2000cwb.googlegroups.com:

> Hi there,
>
> I am looking for people interested in cooperating with me for a project to build a strictly unbreakable linux system.
>
> Maybe you have seen my announcements of sysmask (http://wims.unice.fr/sysmask/doc/) and its demo challenge (http://wims.unice.fr/wims/wims.cgi?m...nice/challenge). Sysmask is only the first step in the project. It protects the system in the case when a network daemon is compromised. However, sysmask alone is not enough, for the network service assured by the daemon is still disturbed by the attack, and in some cases (such as sshd) the consequence is still important.
>
> So the next step is to develop vulnerability-tolerant network daemons, whose services will not be interrupted even if a vulnerability in the daemon software is exploited, and even if arbitrary code is executed due to that.
>
> Skeptical? This is now easily realisable. And the idea is very simple: you just have to let each network connection be served by a separate process of the daemon. This process has all its system access rights restricted by sysmask so that it can do no harm to anything else except to the assigned connection. So if the process is compromised, the consequence is limited to the connection of the attacker himself.
>
> Otherwise, the ever-living daemon itself is nothing more than a port listener and a process dispatcher. It prohibits itself from reading the network requests (the reading is done by the child processes), so that specially crafted requests cannot compromise it.
>
> My first target is sshd. In the meantime, we should deny access to /etc/shadow and the site private key to the daemon, moving authentication to a well-shielded system login daemon. The latter can now implement more intelligent algorithms to make cracking by exhaustion impossible, so that even easily rememberable passwords will become more secure than today's "secure" passwords em%4G*^z.
>
> Details will be explained to people interested in doing something in this project: please write to me directly at xiao@unice.fr, with the word "sysmask" in your message.

Didn't the NSA try to do something like that with SELinux?

http://www.nsa.gov/selinux/

Though I will agree with Jeroen Geilman - no such thing as "Absolute security".

Also, read this article recently - Passwords are out! The future is in biometrics & other authentication devices...

Psychology of IT security
By: Rosie Lombardi
ComputerWorld Canada (29 Apr 2005)
http://www.itworldcanada.com/Pages/D...wArticle.aspx?title=Psychology-of-IT-security&ID=idgml-7efccdd7-f97e-4341-9c90-6c232d5907f1&Portal=448d158c-d857-4785-b759-ffa1c005933c
http://tinyurl.com/7lfen

Passwords are out! The future is in biometrics e.t.c..

--
~ I am Against TCPA/TCG: http://www.againsttcpa.com/
What is it? --> http://www.againsttcpa.com/what-is-tcpa.html

SELinux has the good principle. I wouldn't go to the trouble of designing a new trick if it hadn't neglected some important factors.

> Though I will agree with Jeroen Geilman - no
> such thing as "Absolute security".

The problem is that this sentence is too often used as an excuse to force the public to accept insecure solutions.

Absolute security may not exist, but today's situation where everybody has to chase after every vulnerability in every critical software is absolutely not a fatality.

Unfortunately, the joint effort of the 2 or 3 common OS on this respect has made so many people take this sad reality for granted. But before RSA came out and got accepted, the general wisdom also said that no such thing as public key cryptology could exist!

> Passwords are out!

I don't think so. Passwords will probably exist as long as qwerty keyboards. Biometrics will only coexist with passwords.

azuredu wrote:

> I don't think so. Passwords will probably exist as long as qwerty
> keyboards. Biometrics will only coexist with passwords.

I can remember when people said nine-track tape was out, or Hollerith cards were out, but you know there are still millions of nine-track tapes around and in archives as well as Hollerith cards. They may not be popular any more or state of the art but they still exist and are used.

And I am sure that will be the way passwords and pass phrases go. Both will have their place for many many years to come. Maybe not in the highest most critical (well funded) projects and firms but they will live on in millions of places.

"azuredu" <xiao@unice.fr> wrote in news:1115270682.699340.62560@z14g2000cwz.googlegroups.com:

> SELinux has the good principle. I wouldn't go to the trouble of designing a new trick if it hadn't neglected some important factors.
>
>> Though I will agree with Jeroen Geilman - no
>> such thing as "Absolute security".
>
> The problem is that this sentence is too often used as an excuse to force the public to accept insecure solutions.
>
> Absolute security may not exist, but today's situation where everybody has to chase after every vulnerability in every critical software is absolutely not a fatality.
>
> Unfortunately, the joint effort of the 2 or 3 common OS on this respect has made so many people take this sad reality for granted. But before RSA came out and got accepted, the general wisdom also said that no such thing as public key cryptology could exist!
>
>> Passwords are out!
>
> I don't think so. Passwords will probably exist as long as qwerty keyboards. Biometrics will only coexist with passwords.

you have to ask the right question. you are not asking the right question.

=====
Q: Is there a super uber secure computer operating system that is so damn secure that I will never have to worry about it not being secure?

A: That is the wrong question!!!
====
Q: My business is not security. My business is [insert your buz here] - I should not have to waste my time to secure my operating system. I paid X amount of dollars to [insert Microsoft or your favorite Linux distro here] - a portion of that money should cover guaranteed automatic patching and security by vendor and it should be 100% reliable and the process will not break anything and it should all be transparent to me as the user because as I first stated - my business is not security.

A: That is the right question.
=====

--
Rowdy Yates, MCNGP Thug #39
http://www.mcngp.com/
http://profiles.yahoo.com/rowdy_yates_mcngp

Rowdy Yates <rowdy_yates@upyours.com> writes:

> Q: My business is not security. My business is [insert your buz here] - I should not have to waste my time to secure my operating system. I paid X amount of dollars to [insert Microsoft or your favorite Linux distro here] - a portion of that money should cover guaranteed automatic patching and security by vendor and it should be 100% reliable and the process will not break anything and it should all be transparent to me as the user because as I first stated - my business is not security.
>
> A: That is the right question.

Well, no amount of patches and security updates can save you if your users choose weak passwords and/or don't follow any meaningful security policy in the first place. So "my business is not security" is not an excuse for sloppiness.

Dragan

--
Dragan Cvetkovic,

To be or not to be is true. G. Boole
No it isn't. L. E. J. Brouwer

!!! Sender/From address is bogus. Use reply-to one !!!

Rowdy Yates wrote:

> "azuredu" <xiao@unice.fr> wrote in news:1115270682.699340.62560@z14g2000cwz.googlegroups.com:
>
>>SELinux has the good principle. I wouldn't go to the trouble of designing a new trick if it hadn't neglected some important factors.
>>
>>>Though I will agree with Jeroen Geilman - no
>>>such thing as "Absolute security".
>>
>>The problem is that this sentence is too often used as an excuse to force the public to accept insecure solutions.
>>
>>Absolute security may not exist, but today's situation where everybody has to chase after every vulnerability in every critical software is absolutely not a fatality.
>>
>>Unfortunately, the joint effort of the 2 or 3 common OS on this respect has made so many people take this sad reality for granted. But before RSA came out and got accepted, the general wisdom also said that no such thing as public key cryptology could exist!
>>
>>>Passwords are out!
>>
>>I don't think so. Passwords will probably exist as long as qwerty keyboards. Biometrics will only coexist with passwords.
>
> you have to ask the right question. you are not asking the right question.
>
> =====
> Q: Is there a super uber secure computer operating system that is so damn secure that I will never have to worry about it not being secure?
>
> A: That is the wrong question!!!
> ====
> Q: My business is not security. My business is [insert your buz here] - I should not have to waste my time to secure my operating system. I paid X amount of dollars to [insert Microsoft or your favorite Linux distro here] - a portion of that money should cover guaranteed automatic patching and security by vendor and it should be 100% reliable and the process will not break anything and it should all be transparent to me as the user because as I first stated - my business is not security.
>
> A: That is the right question.
> =====

I'm not sure that your second Q: is a question. It sounds more like a statement or a rant:)

Dragan Cvetkovic <me@privacy.net> wrote in news:lm1x8l5v7g.fsf@privacy.net:

> Rowdy Yates <rowdy_yates@upyours.com> writes:
>
>> Q: My business is not security. My business is [insert your buz here] - I should not have to waste my time to secure my operating system. I paid X amount of dollars to [insert Microsoft or your favorite Linux distro here] - a portion of that money should cover guaranteed automatic patching and security by vendor and it should be 100% reliable and the process will not break anything and it should all be transparent to me as the user because as I first stated - my business is not security.
>>
>> A: That is the right question.
>
> Well, no amount of patches and security updates can save you if your users choose weak passwords and/or don't follow any meaningful security policy in the first place. So "my business is not security" is not an excuse for sloppiness.
>
> Dragan

I have proven "in my environment". The higher I set password complexity requirements - the more the staff write it down on a piece of paper and leave it near keyboard. (Good god - the SA's are just as guilty of this!) It sometimes seems smarter and easier to have them have an easy password - not have it written down - but implement a 2nd or 3rd factor security. that's what I like about the USB and smart card authenticators.

Maybe the problem may be with "my environment".

I do believe that security should be transparent to the end user. there is no reason why they need to bother with patching, signature updates or security settings. Micr$oft are a bunch of money hungry a$$'$ - but they are on the right track with WUS, SUS, and centrally managed security deployed via directory services (AD). the fact that their products $uck!, their networking is unreliable and unstable - that's another issue!

you are not going to get a raise or better job by telling your boss that you trained users to maintain security themselves.

but you might get a raise if you can prove that you secured the environment without impeding on your users productivity.

--
Rowdy Yates, MCNGP Thug #39
http://www.mcngp.com/
http://profiles.yahoo.com/rowdy_yates_mcngp