Third Set of Questions


Question:
How secure is Linux compared to Windows or the MacOS? Which operating system offers the best security features?

Response:
This depends on what you consider secure. Each system was designed with different goals. Security is a specific goal of Windows NT and Windows 2000. The MacOS was not designed with security in mind and, until MacOS 9, was intended for single user systems. MacOS X is built on top of a BSD-flavor kernel, so it has more security features. But, like Linux, the BSD systems were not designed with security as a primary goal.

The bottom line is that all three systems offer security features designed for different purposes. Of them, only Windows had security as a specific design goal. But all can have excellent to terrible security, depending on how one configures them. So I think any claim that "Linux is more secure than Windows" or "Windows is more secure than Linux" is too ill-posed to be answered.


Question:
Child labor laws allow minors to start working at age 14. However, the laws also don't hold minors accountable for their actions. Most of the time, parents are accountable for their children's actions. If an organization hires a minor to do penetration testing, that minor can't sign a "License to Hack" agreement that is legally binding. If that minor should get into trouble, who is held responsible for damages? The parents or the people who hired him?

Response:
I don't know the law in this area. But I suspect the company could be in trouble too, for teaching (or helping) a minor to break into systems. :-)

In general, penetration testers are not minors. Companies want an established record of expertise and personal and professional integrity before they will hire someone for this sort of thing. The risks are too great to do anything else.


Question:
In the security realm, hackers are greatly despised. However, the number of attackers is growing, thanks to the popular Internet. Many web sites related to hacking exist on the Internet. And there is no doubt that interested attackers will go on these sites and learn about various hacking techniques. So, to reduce the risks of security break-ins, shouldn't laws be passed to ban such web sites? Even web sites that distribute free MP3s were banned! Shouldn't we just bypass the First Amendment in order to safeguard against security harm?

Response:
Ignoring the civil liberties arguments about restricting the application of the First Amendment, bypassing it would not change the situation in the slightest. Suppose for a moment all such Web sites were declared illegal under U.S. law. How would you enforce it against the sites in Denmark, Russia, and Bulgaria that also have this information? Further, it's not just the nasty folks who go to these sites to learn about problems. System administrators, educators, and researchers gather sample tools and data from them too. And I suspect the information would continue to circulate, only in less accessible places.

Incidentally, there is an international debate on a subject close to this. The Draft Convention on Cyber-crime contains some wording that may encourage signatories to make possessing tools used to break into computer systems illegal under some circumstances. A group of computer security experts have drafted a Statement of Concerns about the current wording. The treaty, and the concerns, make interesting reading. The Awareness Program for the Draft Convention on Cyber-Crime has relevant information as well.


Question:
Don't most modern systems use /etc/shadow to hold the actual passwords?

If I recall correctly, there is an "x" in the password file to indicate that the password is in shadow. So, does that x have to be there? I.e., if one can remove that, does that mean no password?

What I'm getting at is a lot of the hacks to get root access depended on overwriting the password file. And on the systems I've seen shadow, it's 400 so not even root can overwrite it. An attacker would need to access chmod (or equiv) before overwriting (as in the lpr exploit).

So, in general, if the file holding passwords (be it shadow or passwd) has no write privileges for anyone, does that indeed protect against exploits by overwriting? (i.e., one needs a root shell or at least a way to change permissions?)

Response:
First, root can overwrite files even if their protection mode is 400 (r--------). The system does not apply any access controls to root. (It does apply type checking, so root cannot do a write(2) on a directory object, because it's of the wrong type.)

Second, there are a large number of vulnerabilities that allow an attacker to become root that do not involve overwriting the password/shadow file, so even if you were to make that file unwritable by root, it wouldn't protect you. (Also, how could users change their passwords in that case?)
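
The two kernel behaviours described in the response above, as an added example that is not part of the original course page: it opens a mode-0400 scratch file and a scratch directory for writing and returns the resulting errno. The function names are hypothetical, and it assumes a POSIX system with a writable /tmp.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example; names are hypothetical. Returns 0 if `path` can be opened
 * for writing, otherwise the errno value from open(2). */
static int try_write_open(const char *path)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

/* Scratch file set to mode 0400 (r--------), as in the question. An ordinary
 * owner gets EACCES; root is not bound by the mode bits. -1 = setup failed. */
int write_open_mode_400_file(void)
{
    char path[] = "/tmp/mode400-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int rc = fchmod(fd, 0400);
    close(fd);
    int result = (rc == 0) ? try_write_open(path) : -1;
    unlink(path);
    return result;
}

/* Type check: nobody, root included, may open a directory for writing, so
 * write(2) never gets a descriptor. Expect EISDIR. */
int write_open_directory(void)
{
    char path[] = "/tmp/dirtype-XXXXXX";
    if (mkdtemp(path) == NULL) return -1;
    int result = try_write_open(path);
    rmdir(path);
    return result;
}

int main(void)
{
    printf("euid=%d file=%d (EACCES=%d) dir=%d (EISDIR=%d)\n", (int)geteuid(),
           write_open_mode_400_file(), EACCES, write_open_directory(), EISDIR);
    return 0;
}
```

Run it once as an ordinary user and once as root: the file result changes from EACCES to 0, while the directory result stays EISDIR in both cases.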


Question:
How do you protect employees' emails and personal information from the employers or the system administrator?

Response:
Basically, you don't put that information on the system. If you don't trust a superuser, then you have no security, and anything you do can be monitored, read, or altered.


Matt Bishop
Office: 3059 Engineering Unit II
Phone: +1 (530) 752-8060
Fax: +1 (530) 752-4767
Email: bishop@cs.ucdavis.edu
Copyright Matt Bishop, 2000. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.

Page last modified on 10/27/2000