Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
Re: [suse-security] TIS FWTK
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Sat, 9 Dec 2000 08:49:22 -0700
  • Message-id: <001301c061f7$9b116a00$ca00030a@xxxxxxxxxxxx>
From: "Peter van den Heuvel" <peter@xxxxxxxxxxxxxxxx>

> Another silly issue on this list was the tamper-ability of MD5 hash
> values (nothing wrong with the question as such though) and it's
> required replacement for intrusion detection. Until finally somebody
> pointed out where the real vulnerabilty was: just forge the report. I
> was just wondering why the focus of this list is so much on "code" and
> so little on how to use it for a specific organization. Most unix hosts
> that have a reasonable administrator are most likely more secure against
> DOS than the telco. router that connects them to the WEB. Most sucurity

Pbbbbbbth. Lemme put it this way: Friend of mine was auditing a major telco, as he put it: "worst case scenario, I'd have to just
start hammering on their suns if I'm desperate to get in". Well it took him about two weeks but he got their main database servers
(work orders, customer records, CC's, etc). He also felt they had pretty good security. Of all the "legit" penetration teams/people
I know no-one has ever failed to get in.

As for MD5 it's like a lot of crypto problems, in theory right now. But in theory DES would take FOREVER to crack, well until the
EFF built deep crack on a shoestring budget...... Same story with MD5. Why use it when you have SHA1. Tripwire/et all moved to SHA1.

> Also there's nothing wrong in discussing interface add-ons for ipchans
> etc. But sometimes the discussion misses that such things can only
> improve your understanding or help you use your time efficiently. They
> inherently do nothing else to improve security. I personally prefer
> tools that help visualize the result of complex configurations and logs
> instead of separating me from the real issue at hand.

IPCHAINS sucks. it's not stateful. Try doing proper firewalling for DNS/FTP.

> One final remark. Moderation is a good thing, but please don't just do
> it to ban things. A simple classification with some tags like [basic]
> [home networks] [small organization] [large organization] [theory]
> [usage] or something like it would be of much more added value. With
> that I can play with some easy questions if I'm realy bored and tired :)
> Oh, I do consider a question of somebody who want's to protect
> 'pictures' reasonable.

And you expect people to use the classification system properly/etc? Hah.

> Peter

Kurt Seifried, seifried@xxxxxxxxxxxxxxxxxx
SecurityPortal - your focal point for security on the 'net

< Previous Next >