Re: Security Plan



> This is a plan I've worked up to improve Indy's security. Comments are
> more than welcome.

Be sure to check out the bastille-linux project.

http://www.bastille-linux.org/
They've got a hardening script that they're generating for (I believe)
RH 6.1. It is progressing nicely.
 
> - - Remove ALL services, unless otherwise authorised by user during install.
 
This will require describing each service during install sufficiently that
the user knows whether he should pick it. Not necessarily a bad thing, but
this will make installing for a new user a very long process.

> - - Remove as many SUIDs as possible. (Is removing ALL possible?)

Removing all is not possible. Consider such programs as 'su'. But in
general, a good plan.
 
> - - The three 'r' utilities are big problems, don't install by default,
> inform user of problems with them before letting the user install them.
> 
> - - Stop remote printing ability, unless asked for by user.
> 
> - - For the admin utilities (fdisk, etc.) move away from 755 to 510.
> 
> ? - Collect similar commands into 'groups', assign group name to that
> collection of commands, and if a user needs to have that functionality,
> add them to that group (provide easy way for root-user to add other users
> to groups). (i.e. have groups: local (for users accessing from terminal),
> remote (if install is server, for remote users), printing, admin, etc.)
> [Unsure about this one. Anyone any thoughts?]

Interesting idea. Makes maintenance higher (as opposed to simply adding a
user and then he can do everything users can do).
Also, here's another question to consider: is Indy trying to be more useful
for all types of users, or are you specializing towards a specific target
audience? If the latter, shouldn't you make it as simple and easy as possible
for that particular audience? (What I'm getting at is that having many remote
users may be something that 'never' happens for an Indy user.)
 
> - - firewall set to DENY, unless service is explicitly asked for

Better have a good app for asking for service, then.
 
> - - GUI Tool for setting up logs. [Any log monitoring software out there?]
> 
> - - Get firewall to log requests/detect portscans, and warn user.
> 
> - - Suggest against use of telnet, include ssh.
 
What is the proposed way of installing this thing? If you do a network
install off belegost, then you need to get your ssh RPMs from elsewhere,
which complicates things...

Though hey, I don't mind making a statement about US law and just exporting
them. But that's something we should consider more carefully before doing.

> - - Promote use of GPG/encryption software, include integration for all
> mail readers, if possible.

Is PGP deprecated in favor of GPG in all cases now?
 
> After talking to Jericho (Brian Martin), he thinks that this should rule
> out over 95% of the attack possibilities.

As an MIT network security consultant, this statement triggers my bullshit
detector. Please don't say it for official Independence publicity. :)
(And the above statement triggers my dangling participle detector, but that's
another story. I think I'll get some sleep too.)
 
--Roger
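The two plan items above that are mechanical enough to script are "remove as many SUIDs as possible" (with the reply's caveat that 'su' must stay) and "move the admin utilities from 755 to 510". The following shell script, added here as an illustration and not taken from the original post or the Independence project, audits a directory tree for SUID binaries, strips the bit from anything not on an explicit allow list, and applies the 755 -> 510 change to one tool. The allow list entry 'passwd', the group name 'admin', and the scratch tree built by make_demo are assumptions for the demo; on a real system the functions would be run as root with the filesystem root as the argument.

```shell
#!/bin/sh
# Added example, not from the original post or the Independence project.
# Audits SUID binaries under a directory tree, strips the SUID bit from any
# that are not on an explicit allow list (su stays, as the reply notes), and
# tightens an "admin utility" from 755 to 510 as the plan proposes.
# Assumes: POSIX sh, find(1), chmod(1), mktemp(1). Run as root on a real
# system (with / as ROOT); the demo below uses a scratch directory instead.

# Allow list of basenames that legitimately need SUID root. 'su' comes from
# the thread; 'passwd' is added here as an illustrative assumption.
SUID_ALLOW="su passwd"

# is_allowed NAME: exit 0 if NAME is on the allow list.
is_allowed() {
    for a in $SUID_ALLOW; do
        [ "$1" = "$a" ] && return 0
    done
    return 1
}

# list_suid ROOT: print every regular file under ROOT with the SUID bit set.
# -xdev keeps the scan on one filesystem so /proc and network mounts are skipped.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# count_suid ROOT: number of SUID files under ROOT (for before/after checks).
count_suid() {
    list_suid "$1" | wc -l | tr -d ' '
}

# strip_suid ROOT: remove the SUID bit from every SUID file under ROOT whose
# basename is not allow-listed. Prints one "kept"/"stripped" line per file.
strip_suid() {
    list_suid "$1" | while IFS= read -r f; do
        name=${f##*/}
        if is_allowed "$name"; then
            printf 'kept     %s\n' "$f"
        else
            chmod u-s "$f" && printf 'stripped %s\n' "$f"
        fi
    done
}

# restrict_admin_tool PATH [GROUP]: apply the plan's 755 -> 510 change
# (owner r-x, group --x, other ---). If GROUP exists, hand the file to it
# so only members can execute; otherwise only the mode is changed.
restrict_admin_tool() {
    tool=$1
    grp=${2:-admin}   # 'admin' group name is an assumption for illustration
    if command -v getent >/dev/null 2>&1 && getent group "$grp" >/dev/null 2>&1; then
        chgrp "$grp" "$tool" 2>/dev/null || echo "warning: could not chgrp $tool to $grp" >&2
    fi
    chmod 510 "$tool"
}

# make_demo: build a scratch tree with constructed SUID files and an "fdisk"
# stand-in; prints the directory path. Constructed demo data, not a real system.
make_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/sbin"
    for n in su passwd mount ping; do
        printf '#!/bin/sh\n' > "$d/bin/$n"
        chmod 4755 "$d/bin/$n"
    done
    printf '#!/bin/sh\n' > "$d/sbin/fdisk"
    chmod 755 "$d/sbin/fdisk"
    printf '%s\n' "$d"
}

# Demo run: strip everything but su/passwd, then lock down the fdisk stand-in.
demo=$(make_demo)
echo "before: $(count_suid "$demo") SUID files"
strip_suid "$demo"
restrict_admin_tool "$demo/sbin/fdisk"
echo "after:  $(count_suid "$demo") SUID files"
rm -rf "$demo"
```

Two practical notes: an allow list is the right shape for this job because the set of programs that genuinely need SUID root is small and known, whereas the set that merely happens to ship with it is large and changes with every package update, so the audit should be re-run after installs. Mode 510 only helps if the admin tools are also owned by a group that ordinary users are not in; the chmod alone still lets the owner (root) use them but stops nobody else from trying once they are in that group, which is why the group change and the "easy way for root to add users to groups" item in the plan go together.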