On Mon, 2 Jul 2001, Derek Martin wrote:
> This requires that you run a modular kernel. On a machine connected
> directly to the Internet, or wherever security is a concern, I would
> highly recommend against using a modular kernel.

Hmmmm. I am not sure I agree. A modular kernel has a number of distinct
advantages over a monolithic kernel in terms of management and administration.
At the same time, if an attacker has penetrated your security to the point
where they can successfully load a new kernel module, I think the game is
pretty much up. They are patching the running system. Game over, man.
Reboot from trusted media and run a full verification with your IDS, and/or
wipe-and-restore.
--
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or |
| organization. All information is provided without warranty of any kind. |