From owner-freebsd-security Sun Sep 19 17:12:42 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
    by hub.freebsd.org (Postfix) with ESMTP id 9D7CE152E9
    for ; Sun, 19 Sep 1999 17:12:36 -0700 (PDT)
    (envelope-from brett@lariat.org)
Received: from mustang (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
    by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id SAA06250;
    Sun, 19 Sep 1999 18:12:01 -0600 (MDT)
Message-Id: <4.2.0.58.19990919175752.04577a20@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Sun, 19 Sep 1999 18:11:52 -0600
To: nate@mt.sri.com (Nate Williams)
From: Brett Glass
Subject: Re: Real-time alarms
Cc: Wes Peters, "Rodney W. Grimes", Warner Losh, security@FreeBSD.ORG
In-Reply-To: <199909191933.NAA25843@mt.sri.com>
References: <4.2.0.58.19990918201409.047f9f00@localhost>
    <199909180612.AAA00597@harmony.village.org>
    <4.2.0.58.19990918093306.047917c0@localhost>
    <37E4449B.ADDD68EE@softweyr.com>
    <4.2.0.58.19990918201409.047f9f00@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 01:33 PM 9/19/99 -0600, Nate Williams wrote:

>Email is trivial to forge

With strong encryption?

>and/or snarf,

Depends how it's done.

>and is not
>secure by any stretch of the imagination.

More strides have been made toward good security for e-mail than for any other type of computer facility. Why? Because e-mail is the thing that people, overall, MOST want to be secure. That's the reason why I suggest it. It's not always the ideal method for secure notification, but the ways of authenticating and securing it are better developed than for other methods. So, it may be the best bet, at least to start.

>Case in point. Tripwire is *NOT* a breakin-avoidance system, it's a
>breakin-detection system. Breakin detection systems are at best poor
>and at worst useless, and so far no-one has found a way to make them any
>better. :(

Break-in detection systems work very well in the physical world, where -- as we all know -- it's ultimately possible to break into nearly anything if you employ sufficient force or defeat a perimeter defense. They're especially valuable in multi-layered security systems, where they can detect a breach of an outer perimeter and report it before an intruder can get through an inner perimeter.

I think they're a valuable asset in the virtual world, too, especially if used in conjunction with multi-layered security. In BSD UNIX, "securelevels," immutable files, etc. are the as-not-yet-perfected inner layer.

--Brett