Date: Sat, 12 Dec 1998 14:03:03 +0100 (CET) From: "Marco Molteni" <molter@tin.it> To: Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: tripwire was Re: append-only devices for logging Message-ID: <Pine.BSF.3.96.981212135507.497B-100000@nympha> In-Reply-To: <8qQVls_00YUq0lKqg0@andrew.cmu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 12 Dec 1998, Thomas Valentino Crimi wrote: [..] > This latest discussion has had me toying with the idea of an NFS > R/O mount for tripwire use [..] > in general I think that having to trust the kernel is a necessity. [..] > Where I begin to doubt is what to do for the network connection. I'm > uncertain how feasable an attack on the network is, but UDP mode seems > especilly volnerable to a hacked machine injecting data, I'm not sure > how NFS woudl react to this at all. > > It would appear to be a good medium security measure, a network attack > seems infeasable or at least easilly detectable were it to exist, > forwarding a TCP NFS over ssh is tempting, but then you have to trust > ssh (etc). Any comments on this? Your suggested scenario is: tripwire over ro nfs mount + trusted kernel, right? and you are worried about the network. So, what about using IPsec? IPsec is part of the kernel, and you don't need ssh. Marco --- "Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?" "I'm sorry, this is device driver testing: brain implants are two doors down on the right". (Bill Paul, on the freebsd-net mailing list) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981212135507.497B-100000>