[NTLUG:Discuss] Virus / Worm problems

Robert Pearson e2eiod at gmail.com
Sun Oct 8 11:21:14 CDT 2006


On 10/6/06, schpenke at juicymumpy.net <schpenke at juicymumpy.net> wrote:
> > -------- Original Message --------
> > Subject: Re: [NTLUG:Discuss] Virus / Worm problems
> > From: Wayne Walker <wwalker at bybent.com>
> > Date: Fri, October 06, 2006 1:22 pm
> > To: schpenke at juicymumpy.net
> > Cc: NTLUG Discussion List <discuss at ntlug.org>, Eric Waguespack
> > <ewaguespack at gmail.com>
>
> > Logging something does not increase security.  Only traceability after
> > the fact.
>
> Sure it does.  System security is based on the whole of all security
> functions in a system.  Without logging you lose monitoring,
> accountability, and integrity.  Plus if you're using something like
> SWATCH, Tripwire, or whatever your favorite system log parser happens
> to be you can be notified immediately when something interesting
> happens in your logs.  In fact, you can configure your system to be as
> reactive to log alerts as you like prior to administrator intervention.
>
> > Having joeuser's passwd control root access, or worse 20 different users
> > passwords makes it much more likely that root access can be attained
> > through finding a weak password for any one of the users who have sudo
> > access, or by dropping a trojan to one of the users with sudo access.
>
> > I LIKE sudo.  I use it a lot.  But having a newbie, who probably chooses
> > an insecure password, have full sudo access makes the root exploitation
> > easier.
>
> SUDO isn't made to blindly grant ROOT access.  SUDO is only designed to
> tell your system that you intend to execute the command following SUDO
> as a privileged user.  If you don't want 20 different users having the
> ability to execute certain commands (like SU, for instance) then you
> have the ability to restrict their access.  This removes much of the
> opportunity for new users on your system to cause any unnecessary or
> unintentional damage.
>
> You've made the statement that you are concerned that users with weak
> passwords will contribute to system compromise by either cracked
> passwords or privileged execution.  It sounds to me that you're in fact
> not saying that SUDO is insecure but user account policies are insecure.
> I would guess that you would probably feel much better with restricted
> non-default SUDO implementation while using a hardened account policy.
>
> > In a corporate deployment you may change that, but the default is that
> > the main user of the machine has unrestricted sudo access.
>
> I'm not sure I'm following your example of a corporate deployment.
> Whether I am administering a system with 1500 users in a corporation, 5
> users at my home, or a single user on my laptop SUDO is still always
> controlled with VISUDO and a flat text file.  If you are saying SUDO is
> less secure than a ROOT account on a single user system because it, by
> default, allows that single user all ROOT functions I would argue that
> if it did not then the system would then have to provide that single
> user the ability to logon as a ROOT account with a password of their
> choosing which is still just as insecure.
>
> Also, remember that while logged in as a ROOT account ALL functions can
> be executed as privileged without user awareness or intervention.  When
> logged in as an end user, even with full SUDO rights, any privileged
> execution has to be acknowledged and re-authenticated.
>
> It still sounds to me as if your statement concerning SUDO being
> insecure isn't so much to do with SUDO directly as it is with user
> awareness and account policies.  Default configurations and careless
> users are always a bear.
>
> -S


This is good stuff!

On the Vax/VMS systems we had ACLs to control access and privilege.
You could control to "The File" who had access and privilege.
Nice! But a lot of overhead, they said. Who were they?

When "sudo" first appeared we were overjoyed that a way to add
granularity to "su" was available.
Then the political battles started.

Some managers don't care about the technical issues with "su".

When they go for control they go for "total" control. It is a power thing.
We had managers who were so unsatisfied with "sudo" power versus
"su" power they went to their mentor, who was higher in the company
than my boss's mentor, and demanded "su".
We had to give it to them.
Our only fallback was to give them their own machine. Then they could
only screw themselves.
YMMV

Taking the "Big Picture" perspective, "sudo" is only a "baby-step" toward
Identity Management which is a component of Security.

Anybody heard about a solution for access control to Virtualized
computing? Something like GRIDsudo, VMsudo or XENsudo?
Quite a challenge...
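Two points in S's reply above lend themselves to a worked example: that logs only improve security if something watches them (the SWATCH-style alerting), and that a restricted sudoers should keep ordinary users away from commands like su. The script below is an added example, not code from the thread or from the sudo project. It parses the line format sudo writes to syslog, checks each accepted invocation against a per-user command policy that mirrors a restricted sudoers, and flags both sudo's own refusals and accepted commands the policy did not expect. The log lines, host, user names and the POLICY map are constructed for this example.

```python
"""Log-driven sudo monitoring: parse sudo's syslog lines, compare each
privileged execution against a per-user command policy, and report what
an administrator should look at. Added example; nothing here is the
thread's or the sudo project's own code."""

import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample lines in the shape sudo logs to syslog (authpriv).
# Host, users, times and paths are invented for this example.
SAMPLE_LOG = """\
Oct  8 11:20:01 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Oct  8 11:20:45 host sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su
Oct  8 11:21:14 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Oct  8 11:22:03 host sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
Oct  8 11:23:30 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/service httpd restart
"""

# Hypothetical policy mirroring a restricted sudoers file: the programs
# each user is expected to run via sudo. A user missing from the map is
# not expected to use sudo at all, so any accepted command is flagged.
POLICY: Dict[str, set] = {"alice": {"/usr/bin/apt-get", "/sbin/service"}}

# Accepted invocations carry USER/TTY/PWD/COMMAND fields; refusals insert
# a reason ("command not allowed", "N incorrect password attempts")
# between the user name and the TTY field. Both forms are matched.
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<reason>[^;]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; "
    r"COMMAND=(?P<cmd>.*)$"
)


@dataclass
class SudoEvent:
    user: str
    reason: Optional[str]  # None when sudo accepted the command
    tty: str
    target: str            # account the command was to run as
    cmd: str


def parse_line(line: str) -> Optional[SudoEvent]:
    """Return a SudoEvent for a sudo log line, or None for anything else."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    return SudoEvent(m["user"], m["reason"], m["tty"], m["target"], m["cmd"])


def classify(ev: SudoEvent) -> str:
    """DENIED: sudo itself refused (policy or password failure).
    UNEXPECTED: sudo accepted a program the local policy does not list
    for this user, e.g. the unrestricted default granting su.
    OK: expected privileged use."""
    if ev.reason is not None:
        return "DENIED"
    program = ev.cmd.split()[0]
    if program not in POLICY.get(ev.user, set()):
        return "UNEXPECTED"
    return "OK"


def scan(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (verdict, user, command) for every sudo event in the text."""
    results = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None:
            results.append((classify(ev), ev.user, ev.cmd))
    return results


def password_failures(log_text: str) -> Dict[str, int]:
    """Count refusals that mention incorrect passwords, per user; a hook
    for the 'react before the administrator intervenes' idea in the thread."""
    counts: Dict[str, int] = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev.reason and "incorrect password" in ev.reason:
            counts[ev.user] = counts.get(ev.user, 0) + 1
    return counts


if __name__ == "__main__":
    for verdict, user, cmd in scan(SAMPLE_LOG):
        if verdict != "OK":
            print(f"{verdict:10} {user:8} {cmd}")
    print("password failures:", password_failures(SAMPLE_LOG))
```

Running it against the constructed log flags bob's refused su, alice's accepted `/bin/su -` (allowed by sudo but outside the policy, which is the case an unrestricted default sudoers creates), and carol's password failures, while alice's apt-get and service runs pass silently. In real use the script would tail the authpriv log and hand the non-OK tuples to whatever notification mechanism is already in place.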
