North American Network Operators Group


"top secret" security does require blocking SSH

  • From: Greg A. Woods
  • Date: Sun Jul 09 13:56:11 2000

[ On Sunday, July 9, 2000 at 08:22:46 (-0700), Roeland M.J. Meyer wrote: ]
> Subject: RE: RBL-type BGP service for known rogue networks?
>
> In many organizations, a system isn't considered secure unless
> port 22 is blocked, at the firewall. It is, after all, the secure
> port, that must mean that you have to block it to be secure,
> right?

Yes, that's exactly right, but not for the reasons you imply.

If the primary concern of a security policy is that covert channels must
be prevented then it is absolutely mandatory that port-22 be blocked
since it is by definition a covert channel.

However having any kind of Internet connection, proxied or not, into a
site where sensitive information must not be allowed to be leaked is in
effect a violation of the policy.

Unfortunately we're rapidly approaching (if we're not already there) a
state of affairs where it is impossible to technically prevent inbound
and outbound covert channels wherever people are required to interact in
a privileged way with security sensitive systems.  A paper given at last
year's ACM New Security Paradigms Workshop by Dean Povey ("Optimistic
Security: A New Access Control Paradigm") suggests that it might be
better to adopt the view that security officers should "Make the users
ask forgiveness not permission."  Whether this paradigm can successfully
be deployed in top secret (or higher) environments or not is yet to be
discussed.  I suspect it can but then I'm not an expert in traditional
forms of high security.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <[email protected]>      <robohack!woods>
Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>