roadmap

Robert Day zarin at dscn.net
Sun Jan 4 20:05:25 PST 2004


On Sun, 2004-01-04 at 21:07, ashes wrote:
> Mission Statement
> 
> Hardened Linux From Scratch is a textbook that teaches Linux system security 
> by implementing it in a flexible way on an already existing Linux system. 
> This is done in a way that will create a new independent hardened Linux 
> system.
> 
> Roadmap
> 
> Define threat assessment.
> Decide on a default system security policy.
> Decide on a default user policy for root, regular users, chroot users, with 
> and without X11, with and without network access. This assumes enforcement.
> Define user requirements.
> Decide on a default system accounting policy. (Process, filesystem, and memory 
> access)
> Decide on a default intrusion detection and reaction policy.
> Decide on a default software auditing policy. (Minimum security requirements)
> 
> Provide detailed analysis of all of the above.
> ----
> 
> We can start with the first one. Who are we protecting ourselves against, and 
> what do they want?

First one:

Everyone ;)  LOL

Local unprivileged users for one.  They want root access. Maybe to play
with the system, maybe to cover their tracks, or maybe worse.

Remote unprivileged users - we can probably group these mostly
together.  Or, maybe change local unprivileged to local unwanted - ie
people who do NOT have access to the system via login, but could exploit
it via reboot, boot disk or boot parameters (init=/bin/sh etc).  Remote
(or local) unprivileged users are people who DO have a shell account,
but at a low access level. Most likely want root access to either
install applications or hacking tools, or snoop into other users' files
etc.

Remote attackers. These are the generic breed skript kiddiez and skilled
hackers. There is no need, imho, to differentiate. They want to deface
websites, find storage for pirated software, dump sites and distro
storage, spam relays, or they want to exploit the machine as an anonymous
hop in a chain of exploited systems to launch attacks on other systems,
participate in DDoS attacks, or snoop files on the system for some
malicious purpose (corporate espionage being one of the higher-end goals
of a remote attacker).

And finally, not to be forgotten, unknown threats. These can and do
include a trojan sort of application, or virus. An application that
comes from an unknown source, and exploits race conditions in systems to
achieve some goal. This also includes such attacks as internet pirating
and network resource abuse, mainly in the form of unsecured wireless
networks. Such "other threats" are sometimes (oftentimes)
overlooked.

  Did I miss anything?  LOL

    Rob Day (BOFH)
