On Tuesday 07 September 2004 15:14, Damon Register wrote:
> Anders Johansson wrote:
> > Tripwire (or similar) is always useful, but it won't prevent break-ins. Only help you detect them after the fact.
> So are you saying the best one can do is find they have been hacked but prevention is not possible?
With the current state-of-the-art programming, no, it isn't, short of turning off all services. If you are offering a service to the internet, and that service contains a bug that lets someone crack it, then there is no foolproof way to prevent someone from doing it. The best you can ever hope for is to make it so hard that the effort required to crack it isn't worth whatever is found on the machine. And history teaches us that any service, no matter how well audited, always has odds > 0 that it contains as yet undiscovered security problems.

If you stay up to date with all the security patches released, if you only have services available that you really need to have available and turn off everything else, and if you use the various security patches such as the non-executable stack patch and others like it (Solar Designer, grsecurity etc.), then you still won't have a 100% crack-proof system, but chances are that you will defeat the "casual cracker" (read: script kiddie), and if you don't have anything on your machine that makes it worth the while of someone who really knows what he's doing, then you will probably be fine.

This isn't to say that a system can't ever be secure; a well-programmed system that has no bugs in it will be. But with current technology, we can't ever trust it; it will be an act of faith. Some day, someone may come up with a way to make it practical to produce mathematical proof that a given program is correct and secure, but to date all efforts that I'm aware of have failed.

This is why, in "real" situations, you should physically separate all services connected to the internet from any internal machines where your valuable data is.
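To make the Tripwire point from the thread concrete, here is an added toy integrity checker (not part of the original mail, not Tripwire's code): it baselines SHA-256 digests of a tree and later reports what was added, removed or modified. It detects tampering after the fact only; the `demo()` scenario and its file names are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root):
    # Map each regular file (path relative to root) to its digest; skip symlinks.
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                result[os.path.relpath(full, root)] = sha256_of(full)
    return result

def save_baseline(root, baseline_path):
    # The baseline must live where an intruder cannot rewrite it (read-only media, another host).
    with open(baseline_path, "w") as f:
        json.dump(snapshot(root), f, indent=1, sort_keys=True)

def check(root, baseline_path):
    with open(baseline_path) as f:
        baseline = json.load(f)
    current = snapshot(root)
    both = set(current) & set(baseline)
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "modified": sorted(p for p in both if current[p] != baseline[p])}

def _write(path, text):
    with open(path, "w") as f:
        f.write(text)

def demo():
    # Constructed scenario: baseline a scratch tree, tamper with it, re-check.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc"))
    _write(os.path.join(root, "etc", "passwd"), "root:x:0:0:root:/root:/bin/sh\n")
    _write(os.path.join(root, "ls"), "pretend this is a binary\n")
    baseline = os.path.join(tempfile.mkdtemp(), "baseline.json")
    save_baseline(root, baseline)
    clean = check(root, baseline)
    _write(os.path.join(root, "ls"), "replaced binary\n")       # modified
    _write(os.path.join(root, "etc", "extra.conf"), "x\n")     # added
    os.remove(os.path.join(root, "etc", "passwd"))             # removed
    return clean, check(root, baseline)
```

Nothing here stops the tampering; it only makes the change visible on the next run, which is exactly the limitation the reply describes.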