Shades of FV's Nathaniel Borenstein: Carnivore's "Magic Lantern"

pasward at big.uwaterloo.ca
Thu Nov 22 16:56:35 EST 2001


Jay D. Dyson writes:
 > On Wed, 21 Nov 2001 pasward at big.uwaterloo.ca wrote:
 > 
 > > But this doesn't really address the question.  Certainly you take
 > > various precautions.  The question is: how can I know if the system is
 > > compromised? 
 > 
 > 	There's a wealth of utilities that can indicate system compromise. 
 > These tools range from Tripwire to the Advanced Intrusion Detection
 > Environment (AIDE), plus a range of network sniffing utilities that can be
 > configured to look for unusual traffic.  There's also the CryptoFileSystem
 > that precludes the Great Forces of Malevolence from sneaking things onto
 > your drive without your knowledge. 

Thanks.

 > 	All of these security-enhancing features must be predicated by
 > cradle-to-grave security, though.  That means trusted installation of a
 > trusted OS from a trusted source on a trusted, non-networked box.  Coupled
 > with that is assured physical security of the system by tamper-evident
 > systems.

I assume you mean non-networked at installation time, not afterwards.

 > 	In the final analysis, there's no substitute for simple human
 > vigilance and a healthy amount of paranoia.  Not one of these tools is of
 > any use if you have a user at the helm who will gleefully download and
 > execute the latest trojan horse.

I'm not entirely sure I believe that last statement.  Let's say I have
a tripwire-like system, but the process is constantly running.  So you
cannot compromise the code on disk in a useful fashion.  What can a
trojan actually do without being detected?



---------------------------------------------------------------------
The Cryptography Mailing List