>      Security Comments
    >      * I think almost all writable data nodes here are sensitive, because 
a network
    >      attacker's first move is to block any logging on the host, and many 
of the data
    >      nodes here can be used for this purpose.
    > [clw1] I will reword the security section to include all writeable nodes 
as sensitive.
    >      * Re: readable data nodes, I'm not
    >      sure which are sensitive, and the document should give an example or 
two rather
    >      than just say "some". Otherwise the security advice is not 
actionable. One
    >      example: "remote" sections leak information about other hosts in the 
    > [clw1] This text was lifted from another model. I will review the 
readable nodes and update.
    >      * Write operations... can have a negative effect on network 
operations. - I would
    >      add "and on network security", because logs are often used to detect 
    >      breaches.
    > [clw1] I will add this phrase.

The fact that the syslog data nodes are write-sensitive can be made explicit in
the model by making the whole configuration tree nacm:default-deny-write, and
making read-sensitive subtrees nacm:default-deny-all.

Gary Wu

<KENT> Agreed.  Usually my modules have the NACM annotations and then, in the
Security Considerations section, I'm sure to point them out.


netmod mailing list

Reply via email to