[Tfug] Lightweight IDS options/strategy/policy

Kramer Lee krameremark1 at gmail.com
Wed Sep 25 15:57:49 MST 2013


"appears to only be "reading" from the outside world"

Well, it depends on what they are reading.

Probably the good info they get will be sent out encrypted.  If you
have some NSA-grade encryption busters, you can see what it is and
maybe stop it.  If they have some NSA-grade back doors, etc., they might
be able to get whatever they want.



On 9/25/13, Bexley Hall <bexley401 at yahoo.com> wrote:
> Hi Tyler,
>
> On 9/25/2013 1:17 AM, vaca at grazeland.com wrote:
>> IDS is a part of a comprehensive security program.  I don't think anyone
>> is suggesting it as a replacement for perimeter security, OS hardening,
>> anti-malware software, strong policies, etc.
>
> The *tougher* problem is how you deal with (3rd party) "apps" running on
> the system.  Do you prevent them from dialing out (not practical even
> if they are "PULLing" information as it is easy to set up a covert
> channel that appears to only be "reading" from the outside world)?  Or,
> do you restrict what they can *see*?  (i.e., only let them see things
> that you don't care if they "disclose")
>
> How do you create tools that let the *user* decide what he considers
> "public" information vs. private (so your mechanisms can apply the
> appropriate safeguards)?
>
>
>



