Date:	Sat, 9 Aug 2008 08:26:37 +1000
From:	"Peter Dolding" <oiaohm@...il.com>
To:	"Jörg Ostertag" <Joerg.Ostertag@...ra.com>
Cc:	"Theodore Tso" <tytso@....edu>, "Rik van Riel" <riel@...hat.com>,
	"Eric Paris" <eparis@...hat.com>, "Greg KH" <greg@...ah.com>,
	"Al Viro" <viro@...iv.linux.org.uk>,
	"Press, Jonathan" <Jonathan.Press@...com>,
	"Arjan van de Ven" <arjan@...radead.org>,
	linux-kernel@...r.kernel.org, malware-list@...ts.printk.net,
	linux-security-module@...r.kernel.org
Subject: Re: [malware-list] Threat model for Unix Computers

On Fri, Aug 8, 2008 at 8:48 PM, Jörg Ostertag <Joerg.Ostertag@...ra.com> wrote:
> On Wednesday, 6 August 2008 03:44, Theodore Tso wrote:
>> On Tue, Aug 05, 2008 at 08:46:00PM -0400, Rik van Riel wrote:
>
> ...
>
> I'm trying to fill in some other threat models, not all directly related to
> virus-scanning, but if we want to get a complete anti-threat model for linux,
> we should take them into account too.
> In addition I'll add some usage scenarios for later extracting some threat
> scenarios ...
>
> Desktop-Users:
> ----------------------
>>       The Linux Desktop (where clueless users may be tricked into
>>               running malware).
>
> I would add the chance of users exporting their locally stored Files via CIFS,
> SMB, http, ... for accessing them with their beloved streaming clients.
>
> Speaking of exporting Files from a Desktop PC we should also take into account
> File-Sharing clients.
>
> Some more examples of a Desktop User's desires would be:
>        - copying Files to/from their PDA (BT,USB,WLAN)
>        - sharing internet connection with their PDA (BT,USB,WLAN)
>
> Other threats would be:
>        - giving access to the Desktop-PC to guest-users for
>                 "just let me look up something in the internet"
>          and the guest-user on the Desktop not informing anyone about the (from his
>          point of view) urgent installation of their beloved
>          Browser-malware^H^H^H^H^H -adware ^H^H^H^H^H -extension
>
> For all the Files stored on the Desktop PC we should also take into account
> that the paranoid Desktop user would store them inside an encrypted
> device/container. Some examples would be: truecrypt-container/-partition,
> External encrypted Harddrive, ...
>
> ... speaking of storing Files I would expect even Desktop Homeusers to store
> their Files on a local mini Fileserver (like a Fritz-Box, NSLU2, ...) to
> share them with other devices like Multimedia players, ...
>
> Notebook-Users:
> ------------------------
> And then we have the Linux Notebook users. I separate these from the Desktop
> users, because they will have most of the Scenarios for Desktop users plus
> some additional threats.
>        - Connecting to random access points (Airports, Hotels, ...)
>        - Exporting their Wireless (BT,WLAN,UMTS, ...) to random people. Sometimes
>          willingly, sometimes unwillingly
>        - leaving their Notebooks unattended
>                - without BIOS password
>                - without HDD-encryption
>                - without Boot-Manager Password
>                - without screenlock
>                - ...
>
> Linux Desktops in public places:
> --------------------------------------------
> I'm thinking of Linux Desktop PCs in places like Internet-Cafe,
> Public-Library, School, ...
> These would be similar to the Standard Linux Desktop but adding some
> additional threats.
>        - willingly trying to attack the PC with physical access to
>                - CD-Rom
>                - USB-Devices
>                        USB-Stick
>                        Card Reader
>                - Network cable
>                - Floppy drive (if still existing)
>                - Reset Button
>
>
>>       The Linux File Server (where it is *highly* unlikely to have
>>               active running malware, since there are no clueless
>>               users running on said file server), but where malware
>>               may be stored and read over CIFS, NFS, etc.
>
> Maybe it "was" unlikely, but you can see more and more
> (Now-)Unix-administrators originally used to other operating systems and with
> a different view of security. So it would be nice if we would be able to
> protect these users/admins/installations too.
>
> Mail-Proxy:
> --------------
>>       The Linux Mail server is really a restricted case of the Linux
>>               Fileserver; where the only way in is SMTP, and the
>>               only protocol out is IMAP/POP.
>
> I would add SMTP for the outgoing channel too.
>
>
> Web-Proxy:
> ----------------
> Only to complete the list:
>              The Linux Web Proxy is another example of a Linux Server.
>                The way in would be http traffic (mostly over port
>                80 and 443) and the way out will be either over a shared
>                proxy port or offered transparently if the Linux machine is used
>                as router.
>
> In my opinion all good web proxies with scanner already provide a pretty good
> solution here.
>
>
Software Conflicts
------------------------
Anti-virus Software conflicting with other security software.  This is
a design issue on Windows and some of the hooks different companies
have tried to develop for the Linux world.

Linux systems can have HIDS and other non anti-virus monitoring
software.  On windows realtime scanning can be crippled if you
install 2 anti-viruses at a time due to stuffing up each other's hooks.
We need to avoid this on Linux.  There is more that will want to
monitor the same things as an Antivirus on Linux looking for different
kinds of problems.  Yes, the first platform where 1 alone running does
not cut it.

Peter Dolding