Re: thoughts on kernel security issues

[Bill Davidsen]

On Wed, 26 Jan 2005, Jesse Pollard wrote:

> On Tuesday 25 January 2005 15:05, linux-os wrote:

> > This isn't relevant at all. The Navy doesn't have any secure
> > systems connected to a network to which any hackers could connect.
> > The TDRS communications satellites provide secure channels
> > that are disassembled on-board. Some ATM-slot, after decryption
> > is fed to a LAN so the sailors can have an Internet connection
> > for their lap-tops. The data took the same paths, but it's
> > completely independent and can't get mixed up no matter how
> > hard a hacker tries.
> 
> Obviously you didn't hear about the secure network being hit by the "I love 
> you" virus.
> 
> The Navy doesn't INTEND to have any secure systems connected to a network to 
> which any hackers could connect.

What's hard about that? Matter of physical network topology, absolutely no
physical connection, no machines with a 2nd NIC, no access to/from I'net.
Yes, it's a PITA, add logging to a physical printer which can't be erased
if you want to make your CSO happy (corporate security officer).
> 
> Unfortunately, there will ALWAYS be a path, either direct, or indirect between
> the secure net and the internet.

Other than letting people use secure computers after they have seen the
Internet, a good setup has no indirect paths.
> 
> The problem exists. The only to protect is to apply layers of protection.
> 
> And covering the possible unknown errors is a good way to add protection.
> 

-- 
bill davidsen <davidsen@xxxxxxx>
  CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/