From owner-freebsd-security  Sun Sep 19 20:29:17 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns.mt.sri.com (ns.mt.sri.com [206.127.79.91])
	by hub.freebsd.org (Postfix) with ESMTP id 81CBC14BC6
	for <security@FreeBSD.ORG>; Sun, 19 Sep 1999 20:29:07 -0700 (PDT)
	(envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100])
	by ns.mt.sri.com (8.9.3/8.9.3) with SMTP id VAA20301;
	Sun, 19 Sep 1999 21:27:44 -0600 (MDT)
	(envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4)
	id VAA28019; Sun, 19 Sep 1999 21:27:41 -0600
Date: Sun, 19 Sep 1999 21:27:41 -0600
Message-Id: <199909200327.VAA28019@mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Brett Glass <brett@lariat.org>
Cc: nate@mt.sri.com (Nate Williams), Wes Peters <wes@softweyr.com>,
	"Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>,
	Warner Losh <imp@village.org>, security@FreeBSD.ORG
Subject: Re: Real-time alarms
In-Reply-To: <4.2.0.58.19990919175752.04577a20@localhost>
References: <4.2.0.58.19990918201409.047f9f00@localhost>
	<199909180612.AAA00597@harmony.village.org>
	<4.2.0.58.19990918093306.047917c0@localhost>
	<37E4449B.ADDD68EE@softweyr.com>
	<199909191933.NAA25843@mt.sri.com>
	<4.2.0.58.19990919175752.04577a20@localhost>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Reply-To: nate@mt.sri.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Break-in detection systems work very well in the physical world

Not.  My company is doing alot of work in this area, including trying to
reduce the amount of false alarms and other useless information the #1
'security' product generates.

> where --
> as we all know -- it's ultimately possible to break into nearly
> anything if you employ sufficient force or defeat a perimeter defense.

That's the point.  The *hard* problem is making something sufficiently
secure *AND* informing the person of the breakin while minimizing the
number of false alarms.

Also, breakins are *NOT* just gaining root access, sometimes it's as
trivial as getting inside a network.



Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message