Date: Mon, 17 Jul 2000 12:33:58 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: Leif Neland <leifn@neland.dk>, security@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
Message-ID: <Pine.NEB.3.96L.1000717122926.44081B-100000@fledge.watson.org>
In-Reply-To: <200007171554.LAA02740@khavrinen.lcs.mit.edu>

Ok, I missed whatever post prompted this, but I can certainly express
opinions :-).

On Mon, 17 Jul 2000, Garrett Wollman wrote:

> <<On Mon, 17 Jul 2000 17:08:35 +0200 (CEST), Leif Neland <leifn@neland.dk> said:
>
> > If you can't reach a NTP server, you are not connected to the internet. In
> > that case you don't need to worry so much about security...
>
> Unless, of course, the reason your machine is not connected to the
> Internet is in order that it be able to provide some critical security
> functionality.

I concur. In fact, I am not so worried about what gets in -- stopping
that is easy, it's preventing things from getting out. So it's easy for me
to hypothesize a situation in which traffic, such as NTP, is specifically
blocked from going out the door, yet there are still security concerns
with incoming traffic and attackers. A multi-layered defense needs
individual layers to remain resilient even in the face of the failure of
preceding layers.

In fact, you can even imagine (pretty easily) attacks that involve cutting
off access to remote time services. For example, in Kerberos
environments, limiting access to time services can be a potent attack,
both from the DoS perspective, and pushing custom applications outside of
their normal operation bounds (as well as operators, who do bizarre things
when faced with failures, like try to make use of unencrypted login when
encrypted login fails). As well as attacks against NFS with drifting
clocks that result in improper behavior, same with digital signatures and
certificates.

So without knowledge of the context, there are limited claims I can make
about the accuracy of the statement, but in the broad case (and
specifically my environment), I'd say that security services should use
NTP when available, but failing when it is not is not a good thing :-)

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services