Re: Preventing exploitation with rebasing

From: Alan DeKok (alandat_private)
Date: Tue Feb 04 2003 - 09:26:51 PST

Next message: GreyMagic Software: "Phantom of the Opera (GM#003-OP)"

Previous message: David S Goldberg: "Re: Preventing exploitation with rebasing"
In reply to: Brian Hatch: "Re: Preventing exploitation with rebasing"
Next in thread: Riley Hassell: "RE: Preventing exploitation with rebasing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

  Much of this thread would disappear if people used hard numbers
instead of opinions.

Brian Hatch <bugtraqat_private> wrote:
> People keep saying "but it won't stop everything", and that's true.

  Exactly.  Even DES isn't "perfectly" secure, (i.e. unbreakable).  It
*obfuscates* the data, but does not *secure* it.  The benefit of DES
is that it has a provable level of obfuscation.

  This takes the security versus obscurity argument from the realm of
personal opinion to one of quantitative statements.  We should have a
similar goal for this discussion.

> But since when have we turned down a security procedure that is
> not a silver bullet against all evils?  I'd love to make it harder
> for worms to attack my systems.  I'd love for them to take longer
> to break into the machines down the hall.  That means things will
> spread slower, and we can stop the damage quicker.  Why is this bad?

  It's not.  But many people are of the opinion that if a solution
isn't perfect, then it's not "secure".  They can then argue that no
security is somehow "better" than an imperfect system.

  The problem with those kinds of arguments is that they don't define
the terms used, or what basis is used for the measurements.  The
appropriate response is to ignore personal opinions, and instead ask
for clarifications of terms like "useful", or "better".

  If attacks can be trivially re-written to work around rebasing,
then it's obvious that rebasing changes the form of the attack, but
not it's potential to succeed.

  If rebasing means that attacks have provably a lower probability of
succeeding, then it's obvious that rebasing gives some additional
level of obfuscation, which is generally called "security".

> ... any administrator who has such a "mental" vulnerability probably
> has several other non-rebasing related vulnerabilities on their
> servers anyway.  They probably think that a firewall stops all
> attacks, so wouldn't bother rebasing in the first place.  This is
> not a satisfying argument against rebasing.

  It's an ad-hominem attack with no substance.  "Stupid people use
your solution, therefore your solution doesn't help."

  Security analysis of algorithms has always been done on the
assumption of perfect implementation.  Analysis of implementation or
deployment/configuration bugs is a seperate analysis.

  Alan DeKok.

Next message: GreyMagic Software: "Phantom of the Opera (GM#003-OP)"
Previous message: David S Goldberg: "Re: Preventing exploitation with rebasing"
In reply to: Brian Hatch: "Re: Preventing exploitation with rebasing"
Next in thread: Riley Hassell: "RE: Preventing exploitation with rebasing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Feb 04 2003 - 18:04:23 PST