Date: Tue, 6 Nov 2001 18:06:50 +0100
From: Erik Trulsson
To: Anthony Atkielski
Cc: Ted Mittelstaedt, FreeBSD Questions
Subject: Re: Lockdown of FreeBSD machine directly on Net
Message-ID: <20011106180650.A72863@student.uu.se>

On Tue, Nov 06, 2001 at 10:58:35AM +0100, Anthony Atkielski wrote:
> Ted writes:
>
> > I don't care how much money you throw at a security
> > crack, what counts is the persistence.
>
> In the world of IT, it is possible to apply perfect solutions to security holes.
> In other words, it is possible to build perfectly secure systems. It's
> expensive and requires people who are truly dedicated to making a system secure,
> but it is quite possible. And systems secured in this way cannot be cracked by
> any amount of persistence.

Not so. There is no such thing as 100% security.
It is possible to build systems that are extremely secure such that to make
them even more secure would cost more than it is worth and such that to
crack them would require huge amounts of resources (time, money, people
and/or hardware) but they can be cracked.

>
> Example: Telnet passwords. To log in with Telnet, you must provide the
> password of the account you wish to log into. No password, no access. No
> amount of persistence will force Telnet to let you in without the correct
> password. This protocol is thus completely secure.

This is a case where persistence is exactly what is needed to crack the system.
One simply tries every possible password until one succeeds.
Such an attack will of course take a very long time to execute and any
competent sysadmin should notice it fairly quickly if he/she checks the
logfiles.
Yes, you still need the correct password to get in but what the attack does
is to find it.

--
Erik Trulsson
ertr1013@student.uu.se
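The log check mentioned in the reply above can be automated; the following is an added example, not part of the original message. It assumes a syslog-style failure line modelled on BSD login(1) messages, and the sample lines, host name and addresses (documentation ranges) are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed syslog format; not real log data.
SAMPLE_LOG = """\
Nov  6 17:00:01 gw login: 1 LOGIN FAILURE FROM 192.0.2.10, alice
Nov  6 17:01:00 gw login: 3 LOGIN FAILURES FROM 198.51.100.7, root
Nov  6 17:01:40 gw login: 3 LOGIN FAILURES FROM 198.51.100.7, root
Nov  6 17:02:20 gw login: 3 LOGIN FAILURES FROM 198.51.100.7, admin
Nov  6 17:03:00 gw login: 3 LOGIN FAILURES FROM 198.51.100.7, root
Nov  6 17:10:00 gw login: 3 LOGIN FAILURES FROM 203.0.113.5, root
Nov  6 17:40:00 gw login: 3 LOGIN FAILURES FROM 203.0.113.5, root
Nov  6 18:10:00 gw login: 3 LOGIN FAILURES FROM 203.0.113.5, root
Nov  6 18:40:00 gw login: 3 LOGIN FAILURES FROM 203.0.113.5, root
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ login: "
    r"(?P<n>\d+) LOGIN FAILURES? FROM (?P<src>[^,\s]+), (?P<user>\S+)$"
)

def find_guessing_sources(log_text, threshold=10,
                          window=timedelta(minutes=5), year=2001):
    """Return {source: peak failure count in any window} for every source
    whose failures within one sliding window reach the threshold."""
    recent = defaultdict(deque)   # source -> (timestamp, failures) in window
    peak = defaultdict(int)       # source -> highest windowed total seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not a login-failure line
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append((ts, int(m["n"])))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop entries older than the window
        peak[m["src"]] = max(peak[m["src"]], sum(n for _, n in q))
    return {src: n for src, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print("5-minute window:", find_guessing_sources(SAMPLE_LOG))
    # A patient guesser stays under a short window; a long one catches it.
    print("2-hour window:  ",
          find_guessing_sources(SAMPLE_LOG, window=timedelta(hours=2)))
```

The second call shows why a short window alone is not enough: the source that spaces its attempts half an hour apart only appears once the window is widened.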