Date:      Wed, 2 Jun 1999 14:24:16 +1000 (EST)
From:      Warren Toomey <wkt@henry.cs.adfa.edu.au>
To:        security@freebsd.org
Subject:   Idea for New Security Tool
Message-ID:  <199906020424.OAA00771@henry.cs.adfa.edu.au>

All,
	I've got a friend, Jeff Howard, working on a security-related
Masters project. Essentially, it's a new version of the COPS/Kuang
tool from Spafford and Farmer, but with one large difference.

In the new version, which we call KuangPlus, the system core is distributed
with just the induction engine and no security rules (well, very few rules).
However, the system has the ability to:

	+ download new rules from the network
	+ verify their authenticity (using public-key crypto)
	+ and load/run the rules on the fly, once verified

The idea is that, as new security vulnerabilities are found, new
rules can be created, signed and put up on the Internet for download.
Any individual, group, organisation can make new rules: the FreeBSD
team, individual Linux distribution teams, the Sendmail guys etc.

An admin who is prepared to _trust_ the rules made by organisation X,
will obtain X's public key and install it into the KuangPlus system.
As the organisation releases new rules, these are automatically
integrated into the local ruleset base.

KuangPlus is mainly designed to find configuration flaws which could
lead to security deficiencies. It's not a network vulnerability tool
like Nessus or SATAN.

Some more details about Jeff Howard's KuangPlus project are on the web
at http://minnie.cs.adfa.edu.au/KuangPlus/


So What?
--------

So why are we posting this info to security@freebsd.org? The project
is in the early stages. We'd dearly love some people to a) tell us
what good things KuangPlus should/shouldn't do, and b) think of areas
in the design of the system which need improvement.

Once the system gets to alpha- or beta- level, we'd also like to get
some FreeBSD rules written! We'll be doing some ourselves, but the
real goal is to get the vendors to write rules for their own systems.

Anyway, if you're interested in helping out, please email me back. I'll
act as general co-ordinator. Jeff's wife has just had their first baby
too, so Jeff's already got a lot on his plate.

Many thanks in advance for all your suggestions.

	Warren and Jeff
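
The verify-before-load step and per-publisher trust described in the message above, as an added example (not part of the original e-mail and not KuangPlus code). It assumes Ed25519 signatures and a hypothetical SignedRule format; the publisher names and rule texts are constructed.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// SignedRule is an assumed format: publisher name, rule text, detached signature.
type SignedRule struct {
	Publisher string
	Body, Sig []byte
}

// TrustStore holds the publisher keys the admin has chosen to install.
type TrustStore map[string]ed25519.PublicKey

var ErrUntrusted, ErrBadSig = errors.New("no installed key"), errors.New("bad signature")

// signedBytes binds the publisher name to the body so a rule cannot be re-attributed.
func signedBytes(pub string, body []byte) []byte {
	return append([]byte(fmt.Sprintf("%d:%s:", len(pub), pub)), body...)
}

// Sign is the publisher-side step.
func Sign(priv ed25519.PrivateKey, pub string, body []byte) SignedRule {
	return SignedRule{pub, body, ed25519.Sign(priv, signedBytes(pub, body))}
}

// LoadVerified passes on only rules signed by an installed key; the rest never reach the engine.
func (ts TrustStore) LoadVerified(rules []SignedRule) (loaded [][]byte, rejected []error) {
	for _, r := range rules {
		key, ok := ts[r.Publisher]
		switch {
		case !ok: // checked first, so Verify is never called with a missing key
			rejected = append(rejected, fmt.Errorf("%s: %w", r.Publisher, ErrUntrusted))
		case !ed25519.Verify(key, signedBytes(r.Publisher, r.Body), r.Sig):
			rejected = append(rejected, fmt.Errorf("%s: %w", r.Publisher, ErrBadSig))
		default:
			loaded = append(loaded, r.Body)
		}
	}
	return loaded, rejected
}

// Demo uses constructed rules: one valid, one altered after signing, one from an unknown publisher.
func Demo() ([][]byte, []error) {
	pubX, privX, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, privY, _ := ed25519.GenerateKey(nil)
	bad := Sign(privX, "org-x", []byte("rule-2"))
	bad.Body = []byte("rule-2-altered")
	return TrustStore{"org-x": pubX}.LoadVerified([]SignedRule{
		Sign(privX, "org-x", []byte("rule-1")), bad, Sign(privY, "org-y", []byte("rule-3"))})
}
func main() { l, r := Demo(); fmt.Printf("loaded %q\nrejected %v\n", l, r) }
```

Only org-x has an installed key here, so the altered rule and the org-y rule are both rejected before loading, each with a distinct error.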

