Hi. Let's assume someone wrote a perl script that figured out how to make a lot of money on the stock market, but that they wanted to protect the script because if others began using it, it would dimish its returns. The new millionaire would want to protect her creation, but it has to run on a computer with access to the internet. She puts it on a box which she tries to keep patched, it's behind a firewall, and only root has access to the scripts. The scripts need to run unattended, and the system needs to boot unattended. She fears two things: a remote root vulnerability, and that someone would physically walk off with the box. My impression is that under these conditions, besides vigilance, limiting running processes, working on physical security, keeping up on patches, possibly some sort of IDS -- there really isn't anything she can do to protect the source. If it's booting unattended, and running scripts unattended there's no sort of crypto strategy that could protect either against an intruder with root access or physical access to the hard drive. What do you think? John
This archive was generated by hypermail 2b30 : Fri Jan 24 2003 - 11:48:18 PST