Shades of FV's Nathaniel Borenstein: Carnivore's "Magic Lantern"
pasward at big.uwaterloo.ca
Thu Nov 22 16:56:35 EST 2001
Jay D. Dyson writes:
> On Wed, 21 Nov 2001 pasward at big.uwaterloo.ca wrote:
>
> > But this doesn't really address the question. Certainly you take
> > various precautions. The question is: how can I know if the system is
> > compromised?
>
> There's a wealth of utilities that can indicate system compromise.
> These tools range from Tripwire to the Advanced Intrusion Detection
> Environment (AIDE), plus a range of network sniffing utilities that can be
> configured to look for unusual traffic. There's also the CryptoFileSystem
> that precludes the Great Forces of Malevolence from sneaking things onto
> your drive without your knowledge.
Thanks.
> All of these security-enhancing features must be predicated by
> cradle-to-grave security, though. That means trusted installation of a
> trusted OS from a trusted source on a trusted, non-networked box. Coupled
> with that is assured physical security of the system by tamper-evident
> systems.
I assume you mean non-networked at installation time, not afterwards.
> In the final analysis, there's no substitute for simple human
> vigilance and a healthy amount of paranoia. Not one of these tools is of
> any use if you have a user at the helm who will gleefully download and
> execute the latest trojan horse.
I'm not entirely sure I believe that last statement. Let's say I have
a tripwire-like system, but the process is constantly running. So you
cannot compromise the code on disk in a useful fashion. What can a
trojan actually do without being detected?