On Wed, 12 Jun 2002, Ben Nagy wrote:

> I don't think I have to go that far. I can probably subvert the OS
> through whatever the ultimate root account is, get the key from RAM and
> fiddle the HDD logs and then spam the flash log (multiple power events,

Sorry, you don't get the ultimate administrative role- guess I omitted that- the implementation I was working on was for an under evaluation B2 (Red Book, not Orange) implementation.

> or lots of something else that's audited). Or I can trojan the app that
> reads back the flash log. You could stop this with the BIOS, but then
> you can never legitimately upgrade your software. But yes, we're being
> silly.

I think I can stop that with MAC or roles or a combination.

>
> My main point is that we can now only trust the logs from this one
> tamper-proof machine. If it's supposed to be a hardened log collector
> then obviously I just mess with the input stream at the network end. The
> same goes for getting the logs _out_ of this box in a secure manner,
> probably.
>
> I'll believe it all when someone makes a firewall like that, though. ;)

What would you pay for that? That's been the essence of my interest in RSBAC for the last ~3 years...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
