help-cfengine
Re: Security issues


From: Paul Paradise
Subject: Re: Security issues
Date: Tue, 2 Jul 2002 11:07:52 -0700
User-agent: Mutt/1.3.28i

On Tue, Jul 02, 2002 at 12:28:44PM -0400, Jacob Lee wrote:
> I'm not so much worried about the users as I am an outside intruder - I
> cannot be 100% sure that the Windows servers are secure enough to
> prevent penetration. The users can do whatever they want, but the vast
> majority are new to Linux, and only one or two, whom I trust, are even
> at the level of (for example) being able to use ssh. I am more concerned
> about making the job easy for an outside intruder: solving for him the
> problem of finding other Linux hosts and having to mal-configure each of
> them, separately.

Finding the other hosts should be easy enough regardless: between
shell histories, saved SSH keys, or login records, or traffic sniffing
once the box is rooted, I think that your worries are directed in the
wrong spot.

The truly paranoid can put in all the chroot environments, jails,
LIDS, etc. mentioned earlier by others. Just don't think that getting
one box rooted won't affect your entire environment - once it's broken
into, if anyone connects to the box or from that box you can
effectively consider the other boxes at risk as well.

> I guess sudo would allow the users to do their common tasks (mounting
> network drives, setting the system time, etc.) without them knowing the
> root password. If users need to do any specific task, they can ask me to
> grant them permission. I'm still concerned that it would be possible to
> find the password via a number of means, which I hesitate to enumerate
> in too much detail - but if the users don't know the root password and
> the social engineering problem is eliminated, I may be able to tackle
> some of the other problems. The root password can even be different on
> each machine so that an attacker who gains one machine does not gain the
> others. The password would be a function of the machine name so that the
> admins don't end up writing down their passwords =), making this to some
> extent security through obscurity; however, it would still create a
> significant barrier to an attacker who would now have to crack several
> machines until the pattern is discovered.

Making the root password different will limit the damage only in the
case that the attacker gained access to the root password. If you go
the sudo route and pick a good, secure password that's the same across
all the machines, I'd be willing to wager that an attacker would break
in via some means other than brute-forcing the password.

-- 

----------------------------------------------------------------------
 Paul Paradise                                  paradise@qualcomm.com
 Interim Engineering Intern, QUALCOMM Incorporated       858.651.6655
 IT Host Services                                             AE-205C
----------------------------------------------------------------------
