From owner-freebsd-security Sun Sep 19 18: 9:46 1999
Delivered-To: freebsd-security@freebsd.org
Received: from secondary.truckmaster.com (ns2.truckmaster.com [204.134.205.68])
    by hub.freebsd.org (Postfix) with SMTP id 2207815323
    for ; Sun, 19 Sep 1999 18:09:43 -0700 (PDT)
    (envelope-from cstone@secondary.truckmaster.com)
Received: (qmail 9597 invoked by uid 500); 20 Sep 1999 01:15:22 -0000
Message-ID: <19990919191521.A2048@pobox.com>
Date: Sun, 19 Sep 1999 19:15:21 -0600
From: cstone@pobox.com
To: Brett Glass
Cc: freebsd-security@freebsd.org
Subject: Re: Real-time alarms
Mail-Followup-To: Brett Glass , freebsd-security@freebsd.org
References: <4.2.0.58.19990918201409.047f9f00@localhost>
    <199909180612.AAA00597@harmony.village.org>
    <4.2.0.58.19990918093306.047917c0@localhost>
    <37E4449B.ADDD68EE@softweyr.com>
    <4.2.0.58.19990918201409.047f9f00@localhost>
    <199909191933.NAA25843@mt.sri.com>
    <4.2.0.58.19990919175752.04577a20@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1
In-Reply-To: <4.2.0.58.19990919175752.04577a20@localhost>; from Brett Glass on Sun, Sep 19, 1999 at 06:11:52PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Sep 19, 1999 at 06:11:52PM -0600, Brett Glass wrote:
> At 01:33 PM 9/19/99 -0600, Nate Williams wrote:
>
> >Email is trivial to forge
>
> With strong encryption?

Possibly so, if you're dealing with a compromise of the agent which is
sending the mail.

> >and/or snarf,
>
> Depends how it's done.
>
> >and is not
> >secure by any stretch of the imagination.
>
> More strides have been made toward good security for e-mail than for
> any other type of computer facility. Why? Because e-mail is the thing
> that people, overall, MOST want to be secure.
> That's the reason why I suggest it. It's not always the ideal method
> for secure notification, but the ways of authenticating and securing it
> are better developed than for other methods. So, it may be the best bet,
> at least to start.

I agree that report generation by mail would be a useful facility, but
I think that there should be a standard entity dedicated to receiving
alert/activity data and (if necessary) acting on that data. There are
several other notification mechanisms which could be useful as well,
but they are all relatively easily implemented. It is important that
notification be as flexible as possible. The real issues, at this
point, are the choices behind the code which is gathering activity data
and the criteria which define an alert.