Slashdot: News for Nerds

20 comments

Cinco de mayo!!! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5887241)

Weee!!

OpenBSD (0, Insightful)

Anonymous Coward | more than 11 years ago | (#5887261)

what, just like the government pulled DARPA funding to make OpenBSD better?

Re:OpenBSD (1)

bonsai_kitty (636771) | more than 11 years ago | (#5888630)

I couldn't agree more. *BSD would be better at this task IMHO. Yes the Development people can be fickle but isn't the government as well? ;)

Re:OpenBSD (1)

gearheadsmp (569823) | more than 11 years ago | (#5889795)

DARPA dropping the OpenBSD grant just goes to prove that the U.S. Department of Defense cares more about their self-image than security & stability. To me, this makes them appear to have swapped priorities with the White House. Instead of focusing on Defense, the DoD is focusing on PR. Maybe the Canadian Defence Ministry will pick up where DARPA left off.

Re:OpenBSD (0)

Anonymous Coward | more than 11 years ago | (#5889617)

DARPA pulled funding from OpenBSD because Theo has a big fucking mouth. If the lead developer of a project expects funding from somebody, he should learn to kowtow, not bad-mouth.

FUCK Theo, FUCK OpenBSD, and FUCK all *BSD users. Yeah, BSD may have been superior to Linux, but that was 5 years ago. Try Linux again...for the first time!

Great but (5, Insightful)

jsse (254124) | more than 11 years ago | (#5887351)

I wish they'd spend more money on auditing Windows [sdtimes.com] too.

Of course, crash on "division by zero" is a feature, not a bug. :)

Re:Great but (5, Informative)

rritterson (588983) | more than 11 years ago | (#5887469)

It's not quite the same, obviously. The Navy software engineers can easily tweak and fix any holes they find. With Windows you are limited to the framework MS provides and the hope that they will fix any problems discovered.

The NSA released documents on how to secure WinXP and Win2K server not too long ago- it was even posted on /.

Re:Great but (1)

Repugnant_Shit (263651) | more than 11 years ago | (#5887602)

I still need to plow through that PDF. It looked like it had a lot of good info.

Re:Great but (1)

4of12 (97621) | more than 11 years ago | (#5889911)


> The NSA released documents on how to secure WinXP and Win2K server not too long ago

I'm glad they did that. It was a nice public service, IMHO.

However, for practical use, the 105 page guide is a bit prolix for me. I'm installing, patching and trying to harden a home Win2K system (got removable drives and SuSE 8.1 on the other) and found other, shorter guides (ArsTechnica, I think) for Win2K security to be quicker and easier to use.

what is the kernel lacking? (1)

zogger (617870) | more than 11 years ago | (#5887613)

I see in the article that the linux kernel "lacks" such and such for security auditing? Would one of ya'all gurus please explain this? I thought there were a plethora of auditing tools and schemes already. Thanks in advance!

Re:what is the kernel lacking? (4, Informative)

Beryllium Sphere(tm) (193358) | more than 11 years ago | (#5887873)

>Would one of ya'all gurus please explain this?

Attend, my son :-)

The key word seems to be "forensic". They want to replace syslog with something sufficiently tamper-resistant to persuade a judge that it's good enough for legal evidence. There are already some clever hacks for this, such as hiding the real syslog process and leaving a fake one around for an intruder to disable or corrupt.
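One common way to get the tamper evidence described above is to chain each log record to its predecessor with a keyed hash. This is an added example, not code from the thread or from the Navy project; the record layout, the key handling and the sample lines are assumptions constructed for illustration.

```python
import hashlib
import hmac

GENESIS = "0" * 64          # chain anchor for the first record
DEMO_KEY = b"demo-key"      # assumption: real key lives off the logged host

def record_mac(key, prev_mac, msg):
    # Each MAC covers the previous MAC, so records cannot be edited,
    # dropped or reordered without breaking every later link.
    data = (prev_mac + "\n" + msg).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def append(log, key, msg):
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"msg": msg, "mac": record_mac(key, prev, msg)})

def verify(log, key, expected_head=None):
    """Return -1 if intact, else the index where the chain first breaks.

    expected_head is the last MAC as recorded somewhere the intruder
    cannot reach; without it, cutting records off the end goes unnoticed.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(record_mac(key, prev, rec["msg"]), rec["mac"]):
            return i
        prev = rec["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(log)
    return -1

def sample_log(key=DEMO_KEY):
    # Constructed syslog-style lines, not taken from any real system.
    log = []
    for line in (
        "May  5 10:01:02 host login: bad root login on tty1",
        "May  5 10:01:09 host sshd[411]: Failed password for root from 192.0.2.10",
        "May  5 10:02:30 host sshd[411]: Accepted password for alice from 192.0.2.10",
    ):
        append(log, key, line)
    return log

if __name__ == "__main__":
    log = sample_log()
    head = log[-1]["mac"]
    log[1]["msg"] = log[1]["msg"].replace("Failed", "Accepted")
    print("first broken record:", verify(log, DEMO_KEY, head))
```

The chain only shows that records changed after they were written; it is worth something as evidence only if the key and the latest MAC are kept where a root-level intruder on the logged host cannot rewrite them.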

ok... (1)

zogger (617870) | more than 11 years ago | (#5890737)

..ok, that makes sense. so in order to do that, following normal procedure (made infamous in the OJ case) you need a provable uncorrupted "chain of evidence" from start to finish.

Turbocharged DRM would of necessity be part of that along with the allegedly "incorruptible" logs. It matters now what you are looking at with regards to this theoretical "crime" if the evidentiary analysis would not be able to prove a "perp". Proving the crime occurred seems to be the premise of the hardened logs, but proving who did it is still elusive WITHOUT mandated super turbo DRM styled efforts.

Or so it looks like to me.

Re:what is the kernel lacking? (3, Interesting)

bill_mcgonigle (4333) | more than 11 years ago | (#5890996)

> They want to replace syslog with something sufficiently tamper-resistant to persuade a judge that it's good enough for legal evidence.

Just echo the syslog output to a 9-pin dot matrix printer...

Re:what is the kernel lacking? (2, Informative)

ctr2sprt (574731) | more than 11 years ago | (#5888401)

There are a lot of things that can be meant by "auditing." At its most sensitive, you can audit all accesses to certain system resources (files, syscalls, device node accesses, that sort of thing), and at a more standard level you can audit failed accesses to system resources. Some of this is implemented in some way - "bad root login on tty1" - but usually when people talk about system security auditing, they are talking about a unified framework for controlling auditing of the entire system (the parts relevant to security, at least). The "unified" part is especially important because frequently you want to analyze the audit trail using automated tools, kind of like Snort and ACID, rather than viewing each entry individually. If you have 50 different programs auditing things in 50 different ways, that makes system-wide analysis much more difficult.

This isn't the sort of thing normal people will want or need on their Linux systems, but in some environments (military, government) it's really important. And you could, of course, use it to create a honeypot, if you're into that sort of thing.

Re:what is the kernel lacking? (1)

zogger (617870) | more than 11 years ago | (#5890805)

--ah, I was not aware that such a tool didn't already exist. Being a still neophyte at this I am still learning various tools. Making "one" tool that *does it all* seems logical, except for the single point of failure phenomenon then.

Of course, you are correct, most "normal" users don't seem to need this. In fact, as a "normal" user, I must say I certainly...uh.. enjoy... all the "volunteer" efforts that kind hearted "outside auditors" seem to be always giving me... uhh ya... enjoy..... I guess.....

%^)

with no desire to be clever (0, Troll)

jago25_98 (566531) | more than 11 years ago | (#5888777)

out of duty

navy penguin

Re: with no desire to be clever (3, Funny)

Black Parrot (19622) | more than 11 years ago | (#5890264)


> navy penguin

That's the guys who weren't quite tough enough to make the Seals, right?

pffft (0)

Anonymous Coward | more than 11 years ago | (#5890207)

Maybe they can use their new security enhancements to prevent RIAA from suing their students? Oh, and sixteenth post.

How is this different than the NSA's SE Linux? (1)

cmehta1 (88375) | more than 11 years ago | (#5891840)

Are the Navy and NSA working on the same kinda things? Or do we have more govt waste with duplication efforts?

And just to get more tweaky...is it also similar to the aborted Dept. of Defense changes that Theo de Raadt was gonna do on BSD?

NSA page: http://www.nsa.gov/selinux/

Great but (1)

xaos (146834) | more than 11 years ago | (#5894851)

Why on earth would the Navy spend good money auditing Linux, when OpenBSD is already the most secure OS? It's been audited for the last 6? years.