From: Warren Toomey
Message-Id: <199906020424.OAA00771@henry.cs.adfa.edu.au>
Subject: Idea for New Security Tool
To: security@freebsd.org
Date: Wed, 2 Jun 1999 14:24:16 +1000 (EST)
Reply-To: wkt@cs.adfa.edu.au

All,

I've got a friend, Jeff Howard, working on a security-related Masters project. Essentially, it's a new version of the COPS/Kuang tool from Spafford and Farmer, but with one large difference.

In the new version, which we call KuangPlus, the system core is distributed with just the induction engine and no security rules (well, very few rules). However, the system has the ability to:

  + download new rules from the network
  + verify their authenticity (using public-key crypto)
  + and load/run the rules on the fly, once verified

The idea is that, as new security vulnerabilities are found, new rules can be created, signed and put up on the Internet for download. Any individual, group, organisation can make new rules: the FreeBSD team, individual Linux distribution teams, the Sendmail guys etc.

An admin who is prepared to _trust_ the rules made by organisation X, will obtain X's public key and install it into the KuangPlus system. As the organisation releases new rules, these are automatically integrated into the local ruleset base.

KuangPlus is mainly designed to find configuration flaws which could lead to security deficiencies. It's not a network vulnerability tool like Nessus or SATAN.

Some more details about Jeff Howard's KuangPlus project are on the web at http://minnie.cs.adfa.edu.au/KuangPlus/

So What?
--------

So why are we posting this info to security@freebsd.org? The project is in the early stages. We'd dearly love some people to a) tell us what good things KuangPlus should/shouldn't do, and b) think of areas in the design of the system which need improvement.

Once the system gets to alpha- or beta- level, we'd also like to get some FreeBSD rules written! We'll be doing some ourselves, but the real goal is to get the vendors to write rules for their own systems.

Anyway, if you're interested in helping out, please email me back. I'll act as general co-ordinator. Jeff's wife has just had their first baby too, so Jeff's already got a lot on his plate.

Many thanks in advance for all your suggestions.

Warren and Jeff
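
The verify-before-load step described in the message above, as an added example that is not part of the original post and is not KuangPlus code. The bundle layout, the names SignedRules, TrustStore and demoPublisher, and the choice of Ed25519 are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedRules is a hypothetical rule bundle: publisher name, rule text, detached signature.
type SignedRules struct {
	Publisher string
	Rules, Sig []byte
}

// TrustStore holds the public keys the admin has chosen to install, by publisher.
type TrustStore map[string]ed25519.PublicKey

// signedBytes binds the publisher name to the rules, so a bundle signed by one
// publisher cannot be relabelled as coming from another.
func signedBytes(publisher string, rules []byte) []byte {
	return append([]byte(publisher+"\x00"), rules...)
}

// Sign is the publisher's side: sign the name plus the rule text.
func Sign(priv ed25519.PrivateKey, publisher string, rules []byte) SignedRules {
	return SignedRules{publisher, rules, ed25519.Sign(priv, signedBytes(publisher, rules))}
}

// Verify returns the rules for loading only if the publisher's key is installed
// and the signature checks against that key; otherwise nothing is loaded.
func (ts TrustStore) Verify(b SignedRules) ([]byte, error) {
	pub, ok := ts[b.Publisher]
	if !ok {
		return nil, errors.New("no key installed for publisher " + b.Publisher)
	}
	if !ed25519.Verify(pub, signedBytes(b.Publisher, b.Rules), b.Sig) {
		return nil, errors.New("signature check failed for " + b.Publisher)
	}
	return b.Rules, nil
}

// demoPublisher derives a constructed key pair from a fixed seed (demo only).
func demoPublisher(name string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("constructed demo seed: " + name))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := demoPublisher("org-x")
	_, err := TrustStore{"org-x": pub}.Verify(Sign(priv, "org-x", []byte("constructed rule")))
	fmt.Println("load allowed:", err == nil)
}
```

A bundle altered after signing, signed by a key other than the one installed for its named publisher, or naming a publisher with no installed key is rejected before any rule is loaded.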