From owner-freebsd-questions@FreeBSD.ORG Fri Jun 13 05:10:01 2008
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0B69B106566B for ; Fri, 13 Jun 2008 05:10:01 +0000 (UTC) (envelope-from jeffrey@goldmark.org)
Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com [66.111.4.25]) by mx1.freebsd.org (Postfix) with ESMTP id B94698FC19 for ; Fri, 13 Jun 2008 05:10:00 +0000 (UTC) (envelope-from jeffrey@goldmark.org)
Received: from compute2.internal (compute2.internal [10.202.2.42]) by out1.messagingengine.com (Postfix) with ESMTP id B922A1160BB; Fri, 13 Jun 2008 01:09:59 -0400 (EDT)
Received: from heartbeat2.messagingengine.com ([10.202.2.161]) by compute2.internal (MEProxy); Fri, 13 Jun 2008 01:09:59 -0400
X-Sasl-enc: Xgf/0A7A//ClFTMX1SCfz9xbvZ5KKpUEOhLL34h+5CDM 1213333799
Received: from hagrid.ewd.goldmark.org (n114.ewd.goldmark.org [72.64.118.114]) by mail.messagingengine.com (Postfix) with ESMTPSA id 3CECC22F87; Fri, 13 Jun 2008 01:09:59 -0400 (EDT)
Message-Id: <8E8479E4-240C-4BB4-8A01-8387A9F7994A@goldmark.org>
From: Jeffrey Goldberg
To: David Naylor
In-Reply-To: <200806122224.19147.naylor.b.david@gmail.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v924)
Date: Fri, 13 Jun 2008 00:09:58 -0500
References: <200806112225.36221.naylor.b.david@gmail.com> <200806121519.12820.naylor.b.david@gmail.com> <62860DF8-423D-48B3-9757-CC3D24732CF0@goldmark.org> <200806122224.19147.naylor.b.david@gmail.com>
X-Mailer: Apple Mail (2.924)
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD and User Security
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 13 Jun 2008 05:10:01 -0000
On Jun 12, 2008, at 3:24 PM, David Naylor wrote:

> This is a general enquiry. What had sparked my interest in this subject is
> the above mentioned article. In this case it is a workstation used to access
> and manage account and cash flows. The threat would be anyone gaining access
> to 'divert' funds to incorrect accounts, for obvious personal gains.

How much money are we talking about? If it is billions of NZD that is one thing; if it is thousands of NZD that is another. The question is, would someone with resources make a concerted effort to specifically target your system? If so, you should hire a local professional.

If your concern is more about the kinds of widespread automated attacks, then really it's just a matter of doing the basic sorts of things: disable root SSH logins, have your perimeter firewall check for unusual outbound traffic, and of course, keep the system properly updated.

> Specifically, the two threats would be remote attack (such as spyware being
> deployed, or gaining remote access)

I haven't played around with it, but you might want to look at Mandatory Access Control (described in the Handbook). It's something that has been on my "to learn" list for a while, but I am getting through that list very slowly.

From what you've said, it sounds like you are talking about a multi-user system. Something like MAC really may be the best approach to preventing individual users from being tricked into doing stupid things.

> or physical access (in which case keeping the username and password safe
> will be the only option? Assuming there is no compromise on the human side)

For a typical machine, physical access means all access. If I have physical access to a machine, I may be able to boot it from my own boot media (a CD for example) and then read everything on the hard disks. I could remove the disks and copy them. I could install a physical keystroke logger between the keyboard and the box.

There really is a lot that can be done with physical access. So if you have reason to believe that attackers would have physical access to the machine, you should use encrypted file systems.

Note that with both MAC and encrypted file systems you run an increased risk of locking yourself out of the system by accident. So what measures you wish to take, with their additional costs and risks, depends on a careful and realistic view of what the threats are.

I've enjoyed this discussion.

Cheers,

-j
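The "disable root SSH logins" advice above is easy to state and easy to get wrong, because sshd_config(5) uses the first value it finds for a keyword, not the last, so a "PermitRootLogin no" appended to the end of a file that already says "yes" changes nothing. The following is an added example written for this page, not code from the thread or from FreeBSD; it audits an sshd_config text the way sshd would read it. Assumptions: keywords are case-insensitive, '#' starts a comment, first value wins, and the config contains no Match blocks (values inside a Match block apply conditionally and are not modelled here). The two sample configs are constructed for the example. An unset keyword is reported as "default" rather than assumed safe, since the shipped default for PermitRootLogin has differed across OpenSSH versions and vendors.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit an sshd_config
# text for the "disable root SSH logins" advice. Assumes sshd_config(5)
# semantics: case-insensitive keywords, '#' comments, FIRST value wins,
# and no Match blocks.

# Constructed sample configs (not real files from any host).
WEAK_CFG='# sshd_config - permissive example
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no   # ignored by sshd: it keeps the first value it saw
'

HARDENED_CFG='# sshd_config - hardened example
Port 22
permitrootlogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
'

# effective_sshd_option CONFIG_TEXT KEYWORD
# Prints the value sshd would use for KEYWORD, or "default" if unset.
effective_sshd_option() {
    printf '%s\n' "$1" | awk -v key="$2" '
        { sub(/#.*/, "") }
        tolower($1) == tolower(key) && !found { print $2; found = 1 }
        END { if (!found) print "default" }'
}

# sshd_root_login_disabled CONFIG_TEXT
# Succeeds only if PermitRootLogin is explicitly "no". "default" is
# treated as a finding, not a pass, because the default varies.
sshd_root_login_disabled() {
    [ "$(effective_sshd_option "$1" PermitRootLogin)" = "no" ]
}

# audit_sshd CONFIG_TEXT
# Prints one line per check; exit status is the number of findings.
audit_sshd() {
    findings=0
    for kv in "PermitRootLogin=no" "PasswordAuthentication=no"; do
        key=${kv%%=*}
        want=${kv#*=}
        got=$(effective_sshd_option "$1" "$key")
        if [ "$got" = "$want" ]; then
            printf 'ok       %s = %s\n' "$key" "$got"
        else
            printf 'FINDING  %s = %s (want %s)\n' "$key" "$got" "$want"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

echo "== weak config =="
audit_sshd "$WEAK_CFG" || true
echo "== hardened config =="
audit_sshd "$HARDENED_CFG" || true
```

On a live host, run it against the real file with audit_sshd "$(cat /etc/ssh/sshd_config)"; on OpenSSH releases that support it, sshd -T prints the fully resolved effective configuration and is the authoritative cross-check for what the daemon actually enforces.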