Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 6 Nov 2001 18:06:50 +0100
From:      Erik Trulsson <ertr1013@student.uu.se>
To:        Anthony Atkielski <anthony@atkielski.com>
Cc:        Ted Mittelstaedt <tedm@toybox.placo.com>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Lockdown of FreeBSD machine directly on Net
Message-ID:  <20011106180650.A72863@student.uu.se>
In-Reply-To: <001401c166a9$9b976120$0a00000a@atkielski.com>
References:  <000201c166a2$d2ed80c0$1401a8c0@tedm.placo.com> <001401c166a9$9b976120$0a00000a@atkielski.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Tue, Nov 06, 2001 at 10:58:35AM +0100, Anthony Atkielski wrote:
> Ted writes:
> 
> > I don't care how much money you throw at a security
> > crack, what counts is the persistence.
> 
> In the world of IT, it is possible to apply perfect solutions to security holes.
> In other words, it is possible to build perfectly secure systems.  It's
> expensive and requires people who are truly dedicated to making a system secure,
> but it is quite possible.  And systems secured in this way cannot be cracked by
> any amount of persistence.

Not so.  There is no such thing as 100% security.  It is possible to
build systems that are extremely secure such that to make them even
more secure would cost more than it is worth and such that to crack
them would require huge amounts of resources (time, money, people
and/or hardware) but they can be cracked.

> 
> Example:  Telnet passwords.  To log in with Telnet, you must provide the
> password of the account you wish to log into.  No password, no access.  No
> amount of persistence will force Telnet to let you in without the correct
> password.  This protocol is thus completely secure.

This is case where persistence is exactly what is needed to crack the
system.  One simply tries every possible password until one succeeds.
Such an attack will of course take a very long time to execute and any
competent sysadmin should notice it fairly quickly if he/she checks the
logfiles. 
Yes, you still need the correct password to get in but what the attack
does is to find it.



-- 
<Insert your favourite quote here.>
Erik Trulsson
ertr1013@student.uu.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20011106180650.A72863>