
Re: [K12OSN] Safety of Allowing Access from Internet



Hans Ekbrand wrote:

I am suggesting that once an attacker is 'in' as a normal user, their quest for 'root' privilege is mostly won.


Again, I think you understate the risk that local users are the black hats.


Not at all, I agree with you. It is not relevant whether the person trying to gain 'root' is an ordinary user, or an attacker who has gained access to a user's account. As far as security of the server is concerned, these people are one and the same.


My point is, make sure there is no path to 'root' from *anywhere* whatsoever.

From the 'Net, *All* points of access must be dead-ends, where it is physically impossible to gain 'root'.

I think we have the potential to get a tad pedantic here - all we can really do is make sure:

a. sudo and su are secured (remove sudo and chmod su as you suggest)
b. all http-based admin services, viz webmin, are secured, or internal only.
c. The root account is ssh key-only access, and that key is securely held. (except for the Server Console, and that is physically secured.) [1]
d. (and plenty I have missed..)



It is important to make sure that the attackers' path towards 'root' is a dead-end, i.e., a chroot jail.
[....]



What if the ftpd hits a buffer overflow, will that be a security risk?


And besides, what good use can there be for ftp in this case?


There is no use for it - it was an example to demonstrate the 'chroot' concept, which may be of use to secure other *required* services.



As I have seen many times in 'security' type discussions - the temptation is there to recreate Fort Knox - when this is not required.


What is required, precisely, in this situation, is access to users' files for the purpose of 'backing-up users' files' which is a read-only application. If this can be safely extended to read-write, then the students can access, and modify their work - a desirable situation.

Concern must also be directed at "How the Students will log in, download, modify, and then upload their work" or else we end up with such a convoluted system to use - that it will not get used! And that defeats the whole point of doing it.

So, we must either balance security against ease-of-use, or if that is unacceptable (security must not be compromised!) then we must have a convenient method of downloading and uploading, and on top of that - compatible software for the students to use on their (often windows-based) home PCs.

With regards to the Applications-Suite - there is OpenOffice or Abiword available for Windows, as I understand it. If they have Linux at home, clearly the point is moot, but I think that is unlikely.



regards,
Steve
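
A small audit for items a and c of the checklist in this message, as an added example that is not part of the original post. It assumes that "chmod su" means removing the world-execute bit and that the binaries live at /bin/su and /usr/bin/sudo; the sshd_config samples are constructed.

```shell
#!/bin/sh
# Added example: audits items (a) and (c) of the checklist in the message above.
# Both configs below are constructed samples, not taken from a real server.
SAMPLE_WEAK='PasswordAuthentication yes
PermitRootLogin yes'
SAMPLE_OK='# constructed sample
  permitrootlogin prohibit-password
Match Address 192.0.2.0/24
  PermitRootLogin no'

# Item (c): pass only if root is explicitly limited to key-based (or no) login.
# A missing directive fails because the built-in default differs between
# OpenSSH versions; any unsafe value, even inside a Match block, also fails.
root_login_key_only() {
    printf '%s\n' "$1" | awk '
        function is_safe(v) {
            return v == "no" || v == "prohibit-password" ||
                   v == "without-password" || v == "forced-commands-only"
        }
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { in_match = 1 }
        tolower($1) == "permitrootlogin" {
            if (!is_safe(tolower($2))) { bad = 1 } else if (!in_match) { global_ok = 1 }
        }
        END { exit ((global_ok && !bad) ? 0 : 1) }'
}

# Item (a): pass if the binary is absent (sudo removed) or "other" has no
# execute bit. Assumption: "chmod su" means dropping world-execute, e.g. 4750.
not_world_executable() {
    [ -e "$1" ] || return 0
    [ -z "$(find "$1" -prune -perm -001 2>/dev/null)" ]
}

# Report on the constructed samples and on the assumed binary paths.
for name in SAMPLE_WEAK SAMPLE_OK; do
    eval "cfg=\$$name"
    if root_login_key_only "$cfg"; then r=ok; else r=FAIL; fi
    echo "$name: root key-only login: $r"
done
for bin in /bin/su /usr/bin/sudo; do
    if not_world_executable "$bin"; then r=ok; else r=world-executable; fi
    echo "$bin: $r"
done
```

To check a live server, pass the file contents instead of a sample, for example `root_login_key_only "$(cat /etc/ssh/sshd_config)"`.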





