Re: Security Hole in Axent ESM

From: Steve Jackson (sjacksonat_private)
Date: Fri Aug 28 1998 - 09:36:53 PDT


    Let me address a couple of items pointed out in prior email concerning the
    ESM (Enterprise Security Manager) product from AXENT Technologies.  For
    those of you that may not be fully informed about the AXENT product line,
    ESM is a security assessment tool that allows customers to assess their
    current network-wide security readiness.  This tool allows a security
    administrator/auditor to evaluate where the potential security holes are in
    their environment across multiple platforms within their enterprise.  All of
    this data can then be rolled into a single enterprise report automatically.
    Now with that base information... the details about the issues:
    
    The CRC check is used in conjunction with other checks by ESM to determine
    when a customer's file has changed.  The usage of CRC as a method of checking
    for file change, while not the most robust method, does not constitute a hole
    in ESM as there is no way the use of this method would allow someone to gain
    access to ESM.
    
    We at AXENT agree that CRC checks are not as secure as our customer base
    would desire.  Thus, we have added the MD5 (128 bit) check to ESM.  This
    shipped in the ESM 4.5 product in March of 1998.  Now our customers can
    choose to run either CRC or MD5 according to their needs.
    
    I want to respond to comments regarding the use of XOR within ESM 4.4 as a
    method of hiding communications between servers and remote clients.  I would
    like you to know that the method employed is not just XOR logic, but XOR
    combined with standard 40 bit data hiding technology.
    
    We at AXENT recognized that this methodology was not as secure as desired.
    We have enhanced the communications security between servers and clients to
    utilize a Diffie-Hellman key for the session, combined with encrypting every
    packet across the wire using DESX encryption.  This has been available since
    ESM 4.5 shipped in March of 1998.  In addition to this, communications
    handshaking occurs at the initiation of every communication sequence between
    client and server.
    
    Steve Jackson
    AXENT Technologies
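
The following is an added example, not part of the original message and not AXENT code. It illustrates the CRC versus MD5 choice discussed above: both notice an accidental change, but a CRC is an unkeyed linear code, so its value for a combination of equal-length inputs is predictable from their individual CRCs, which does not hold for MD5. The message does not say which CRC ESM uses, so zlib's CRC-32 is assumed as a stand-in, and the sample data is constructed.

```python
import hashlib
import zlib

def xor_bytes(*blocks: bytes) -> bytes:
    """XOR several equal-length byte strings together."""
    if len({len(b) for b in blocks}) != 1:
        raise ValueError("all blocks must have the same length")
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)

def crc32_predictable(a: bytes, b: bytes, c: bytes) -> bool:
    """True if CRC-32(a^b^c) == CRC-32(a) ^ CRC-32(b) ^ CRC-32(c)."""
    predicted = zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)
    return zlib.crc32(xor_bytes(a, b, c)) == predicted

def md5_predictable(a: bytes, b: bytes, c: bytes) -> bool:
    """Same relation tested on MD5 digests; it does not hold."""
    digests = [hashlib.md5(x).digest() for x in (a, b, c)]
    return hashlib.md5(xor_bytes(a, b, c)).digest() == xor_bytes(*digests)

def detects_change(old: bytes, new: bytes) -> dict:
    """Report which check notices that `new` differs from baseline `old`."""
    return {
        "crc32": zlib.crc32(old) != zlib.crc32(new),
        "md5": hashlib.md5(old).digest() != hashlib.md5(new).digest(),
    }

# Constructed sample "file contents", padded to a common length.
A = b"baseline configuration file".ljust(40, b".")
B = b"second unrelated file".ljust(40, b".")
C = b"third unrelated file".ljust(40, b".")
# Accidental corruption: a single flipped bit in A.
A_FLIPPED = bytes([A[0] ^ 0x01]) + A[1:]

if __name__ == "__main__":
    print("single-bit change detected:", detects_change(A, A_FLIPPED))
    print("CRC-32 relation holds:", crc32_predictable(A, B, C))
    print("MD5 relation holds:", md5_predictable(A, B, C))
```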
    


