Date: Tue, 6 Nov 2001 18:06:50 +0100
From: Erik Trulsson <ertr1013@student.uu.se>
To: Anthony Atkielski <anthony@atkielski.com>
Cc: Ted Mittelstaedt <tedm@toybox.placo.com>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Lockdown of FreeBSD machine directly on Net
Message-ID: <20011106180650.A72863@student.uu.se>
In-Reply-To: <001401c166a9$9b976120$0a00000a@atkielski.com>
References: <000201c166a2$d2ed80c0$1401a8c0@tedm.placo.com> <001401c166a9$9b976120$0a00000a@atkielski.com>

On Tue, Nov 06, 2001 at 10:58:35AM +0100, Anthony Atkielski wrote:
> Ted writes:
>
> > I don't care how much money you throw at a security
> > crack, what counts is the persistence.
>
> In the world of IT, it is possible to apply perfect solutions to security holes.
> In other words, it is possible to build perfectly secure systems. It's
> expensive and requires people who are truly dedicated to making a system secure,
> but it is quite possible. And systems secured in this way cannot be cracked by
> any amount of persistence.

Not so. There is no such thing as 100% security.
It is possible to build systems that are extremely secure such that to make
them even more secure would cost more than it is worth and such that to crack
them would require huge amounts of resources (time, money, people and/or
hardware) but they can be cracked.

> Example: Telnet passwords. To log in with Telnet, you must provide the
> password of the account you wish to log into. No password, no access. No
> amount of persistence will force Telnet to let you in without the correct
> password. This protocol is thus completely secure.

This is a case where persistence is exactly what is needed to crack the system.
One simply tries every possible password until one succeeds.
Such an attack will of course take a very long time to execute and any
competent sysadmin should notice it fairly quickly if he/she checks the
logfiles.
Yes, you still need the correct password to get in but what the attack does is
to find it.

-- 
<Insert your favourite quote here.>
Erik Trulsson
ertr1013@student.uu.se
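
The reply's point that a password-guessing run is visible in the logfiles, as an added example that is not part of the original e-mail: a sliding-window count of failed logins per source, which also reports any login that succeeds from a source already flagged. The log layout, the addresses, the function name `scan` and the threshold and window values are constructed assumptions, not the output of any particular login daemon.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed syslog-like layout.
SAMPLE_LOG = """\
2001-11-06T17:00:01 host login: LOGIN FAILURE user=root from=192.0.2.10
2001-11-06T17:00:02 host login: LOGIN FAILURE user=alice from=198.51.100.7
2001-11-06T17:00:03 host login: LOGIN FAILURE user=root from=192.0.2.10
2001-11-06T17:00:04 host cron: unrelated line that the parser must skip
2001-11-06T17:00:05 host login: LOGIN FAILURE user=root from=192.0.2.10
2001-11-06T17:00:07 host login: LOGIN FAILURE user=root from=192.0.2.10
2001-11-06T17:00:09 host login: LOGIN FAILURE user=root from=192.0.2.10
2001-11-06T17:00:11 host login: LOGIN FAILURE user=root from=192.0.2.10
2001-11-06T17:00:13 host login: LOGIN SUCCESS user=root from=192.0.2.10
2001-11-06T17:05:00 host login: LOGIN FAILURE user=alice from=198.51.100.7
2001-11-06T17:05:20 host login: LOGIN SUCCESS user=alice from=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ login: LOGIN (?P<result>FAILURE|SUCCESS) "
    r"user=(?P<user>\S+) from=(?P<src>\S+)$"
)

def scan(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return (peak, hits): peak maps each flagged source to its largest
    failure count inside one window; hits lists (source, user) logins that
    succeeded after that source was flagged."""
    recent = defaultdict(deque)  # source -> timestamps of failures in window
    peak, hits = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a login record
        src = m["src"]
        if m["result"] == "SUCCESS":
            if src in peak:  # the guessing found a valid password
                hits.append((src, m["user"]))
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peak[src] = max(peak.get(src, 0), len(q))
    return peak, hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The two mistyped passwords from 198.51.100.7, five minutes apart, stay below the threshold, so that user's later successful login is not reported.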