Re: Security followup

Subject: Re: Security followup
From: Decker Wong-Godfrey <dfgodfrey -at- milmanco -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Sun, 19 Jan 2003 23:26:22 -0800




> Furthermore, the overwhelming number of security programs written for Windows
> suggests that it is actually "easier" to secure a Windows system.

Sure, and the overwhelming number of text editors for Linux suggests that it is actually "easier" to write using a Linux system. And the overwhelming number of window managers written for XWindows suggests that it has always been "easier" to use the GUI of a Linux system.

Sure.

The reason that there are a number of different text-editors and window managers for Linux is that there is not one that does everything that everyone needs (though KDE is fast becoming the killer-app of window managers).

More likely the number of "secure your system" applications for Windows points toward an inherent lack of security on the Windows platform. There's money to be made because Windows is deficient in security.



> For example, there is, to my knowledge, no automated intrusion protection technology that
> runs on Linux. A technology that can respond in real-time to intruders and
> block them. Some people have come up with highly modified versions of Snort
> that can do this, but it is hardly "easy" to implement those technologies.


Isn't "Automated Intrusion Protection" just an Internet Security Systems buzzword for dynamic firewall configuration?

In order to provide dynamic firewall rule configuration, Snort doesn't need to be modified at all. One of Snort's strengths is the plugin-style preprocessor. You can add all kinds of functionality to Snort without ever having to touch the Snort code. In fact, someone has already done it for you. There is a Snort preprocessor that will dynamically write firewall rulesets based upon attacks. The preprocessor is public, so I'd say, in fact, it is pretty easy to implement.

But you should probably read the following to find out why "Automated Intrusion Detection" isn't something you necessarily want to begin with:

http://online.securityfocus.com/infocus/1540


> ISS actually used to have a Linux agent that did this, and they cancelled it
> because nobody bought it.


The fact that Snort already does this, is open source, and is well supported means that there's no real need for a proprietary competitor.
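
As an added illustration of the dynamic firewall configuration discussed in this message (not code from the post, from Snort, or from the preprocessor it mentions), the following Python script reads alert lines in Snort's alert_fast layout and derives iptables block rules, applying a hit threshold and a never-block list. The sample alerts, the threshold, the never-block network and the function names are assumptions made for the example; the script only generates rule strings and does not apply them.

```python
import ipaddress
import re
from collections import Counter

# Constructed alert lines in Snort's alert_fast layout (documentation addresses only).
SAMPLE_ALERTS = """\
01/19-23:20:01.100000  [**] [1:1000001:1] constructed rule A [**] [Priority: 2] {TCP} 198.51.100.7:40112 -> 192.0.2.10:80
01/19-23:20:02.200000  [**] [1:1000002:1] constructed rule B [**] [Priority: 1] {TCP} 198.51.100.7:40113 -> 192.0.2.10:22
01/19-23:20:03.300000  [**] [1:1000003:1] constructed rule C [**] [Priority: 3] {ICMP} 203.0.113.9 -> 192.0.2.10
01/19-23:20:04.400000  [**] [1:1000001:1] constructed rule A [**] [Priority: 2] {UDP} 192.0.2.1:53 -> 192.0.2.10:5353
01/19-23:20:05.500000  [**] [1:1000001:1] constructed rule A [**] [Priority: 2] {UDP} 192.0.2.1:53 -> 192.0.2.10:5354
"""

# Source address follows the {PROTO} field; the port is absent for ICMP.
SRC_RE = re.compile(r"\{\w+\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

def alert_sources(text):
    """Return the source address of every parseable alert line."""
    sources = []
    for line in text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            sources.append(ipaddress.ip_address(m.group(1)))
        except ValueError:  # e.g. an octet above 255 in a damaged line
            continue
    return sources

def block_rules(text, threshold=2, never_block=("192.0.2.0/24",)):
    """Build DROP rules for sources with >= threshold alerts.

    Sources inside never_block (assumed here to be the protected network,
    including its gateway and DNS server) are reported, never blocked.
    """
    protected = [ipaddress.ip_network(n) for n in never_block]
    counts = Counter(alert_sources(text))
    rules, skipped = [], []
    for addr, hits in sorted(counts.items()):
        if hits < threshold:
            continue
        if any(addr in net for net in protected):
            skipped.append(str(addr))
            continue
        rules.append(f"iptables -I INPUT -s {addr} -j DROP")
    return rules, skipped

if __name__ == "__main__":
    rules, skipped = block_rules(SAMPLE_ALERTS)
    print("\n".join(rules))
    print("protected, not blocked:", skipped)
```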


References:
Re: Security followup: From: Andrew Plato
