Domain: nsa.gov
Stories and comments across the archive that link to nsa.gov.
Comments · 1,061
-
What about the Censorship angle?
One of the greatest things about this country is its freedom to information (whether it is privacy, speech, armaments, whatever...) Information is and has usually (unless the NSA is involved) always been there. Ask any librarian. The local library here (small conservative town) will not even filter internet content on the public computer. (We all know how fast a horny teenager can find pr0n sites.) If internet providers are now legally obliged to filter sites for whatever reason, you can bet that EVERY gov't agency, EVERY religious organization, EVERY ACLU chapter, ANYBODY with a few bucks will be dictating what gets blocked. Watch, Non-Technophiles will want hacker sites like slashdot to be blocked!
I've always looked at the internet as a huge library. Stuff is there. Good and Bad. It isn't up to the librarians to keep you away from bad stuff. It is your own mores and conscience. (Don't give me any rap about people without these...They should have their pursuits blocked.)
flogger -
Re:How is this legal?
SELinux is not a distribution; it is rather a series of patches and utilities to the Red Hat 7.2 distribution. The National Security Agency clearly states that certain sections of the patches may or may not fall under the terms and conditions of the GPL, as shown by the following statement from the NSA SELinux website:
"All source code found on this site is released under the same terms and conditions as the original sources. For example, the patches to the Linux kernel, patches to many existing utilities, and new programs and libraries available here are released under the terms and conditions of the GNU General Public License (GPL). The patches to some existing utilities and libraries available here are released under the terms and conditions of the BSD license."
SELinux uses the idea of Type Enforcement, which is patented by SCC. This is one area that would not fall under the GPL, but SCC is deciding to ignore that fact for the time being. -
Just a guess
I'm going to go out on a limb and guess that the "undisclosed national security agency" is, in fact, the National Security Agency
-
Re:Small thing...
Yeah there are other components that use the LSM hooks aside from SELinux and LIDS. There's Domain Type Enforcement (I believe).
Back to the original question I've used LIDS, SELinux, and GRSecurity and I've found them all to have their strengths and their weaknesses. The common problem with all of them is there is usually something you forget to configure properly the first time which can really be a pain to fix. SELinux and GRSecurity both solved this by adding a toggle mode and a /proc entry respectively to change the enforcement of their code.
With SELinux, the major advantage is that you gain a VERY flexible architecture you can use to create nearly any type of Mandatory Access policy you need. The specifications of the system make it able to use policies based on Type Enforcement (putting the bitchy SCC patent issues aside for the moment...), Role-Based Access Control, or Multi-Level Security and likely a host of other things. The drawback is that creating a policy that covers the whole system is not a trivial thing...look at the example security policy included with the distribution (http://www.nsa.gov/selinux) and you'll see what I mean.
GRSecurity is not exactly related to SELinux; they do different things. I like GRSecurity because most of its options do not require a lot of extra configuration, they don't break any existing applications (those that do are clearly marked), and they add a lot of small protections without a great deal of overhead to the vanilla kernel. Plus their ACL system is quite well-developed and extremely secure.
Ultimately I think it comes down to figuring out what you need for your box and then going with the option that will provide it to you with the least amount of interference (unless you like fixing things, of course ;) ). -
LSM to be included - yay!
I think it is about time that the LSM (or anything similar) was included in the kernel. When it comes to access control, I think Windows NT/2000 wins hands down against Linux.
I know I am running the risk of being modded down for saying that Win2K is way ahead of linux (or other *nix for all I know) but in the real world of file sharing, we use permissions and auditing quite a lot; these are not always black and white (what linux is currently capable of) permissions, they are often varying shades of grey.
Hopefully, with LSM, this will change even if it is in the future (1 year? 2 years?)
For a good explanation of the LSM, read this from NSA/SELinux -
Re:Secure Linux
Any hacker that compiles SELinux first before examining it is an idiot.
-
It's already released
I thought the government had already released such software.
-
Going Nowhere
I don't foresee this initiative going too far. Most people barely know how to use their computers to send email or read Slashdot, much less secure their systems from attack.
On the other hand, if anyone is going to try to design such a package of software, I imagine that the NSA knows their stuff pretty darned well. They have been advertising security-enhanced Linux on their website for a while now. I've never tried it, so I can't testify to its usefulness. -
Don't trust government provided software?
Absolutely. After all, this OS has twice, or three times the amount of bugs posted to Bugtraq as does any Windows system.
-
Re:DRM or not?
Here's a paper on TCPA / Palladium for your viewing pleasure, and The Register has a good collection of articles on CPRM on ATA.
Frankly I'd rather see industry moves toward reliable solid state mass storage. Mechanical means just don't cut it any more as far as I'm concerned, just take a look at my journal to see the reason for my stance on that matter.
But where would we be without a few conspiracy theories?...
- Hard drive manufacturers operate an underground "quality cartel" on desktop grade drives, making people buy more and more, averaging out losses from customers switching brands, pumping up profit.
- HD makers are secretly on the take from the R.I.A.A. and M.P.A.A. to make crap drives, meaning all those evil mp3 pirates cannot hoard and share their booty for too long.
- The Men In Dark Suits Who Do Not Exist secretly sift through dumpsites in the dead of night looking for hard drives from which to recover details and evidence of MP3/DVD pirates, terrorists and other criminal activity. And pr0n.
Ali
-
Re:Works perfectly. Killer app.
The killer right now is letting them use Mozilla and Evolution through X from a server located outside the firewall: very secure and virusless (and cheap!)
You might want to be careful with this box that is outside the firewall. If someone can get into it, they can launch applications like xkey. This will enable someone to do keyboard monitoring of anyone who's running an X application. Combine that with "netstat -anA inet | grep ESTAB" and you can easily determine some good IP addresses to target. What I'd be concerned about is someone sniffing my keystrokes in my mozilla sessions, getting by all the wonderful SSL encryption!
One way to combat this would be to use X forwarding through ssh as the X11 transport. That way you have to have access to the user's ~/.Xauthority file, which is typically set readonly for that particular user. Which means any local root exploits would grant someone access to all of your customer's keystrokes.
Something else you might want to look into is NSA's SELinux. I don't know much about it, but it seems like you could take advantage of the higher granularity of access controls to limit someone (other than the rightful user) getting access to ~/.Xauthority. Even root wouldn't be able to get access.
Anyway, that's a very cool idea you have. Just be careful.
-
Math Competition Problems
I have found that doing these USAMTS competition problems has pushed me forward a lot this past year of my high school career (not to mention an honorable mention finish). Try it and see what you learn. For those high schoolers out there, it's a nice competition to get into, the only thing you pay is postage to send your answers in.
-
Another MS blunder
Good news is that it's long term. With Linux making more and more inroads every day, I wish them luck (well I don't really).
Consumers might think it's a nifty idea being the sheep they are, but governments (like Peruvian Congressman David Villanueva Nuñez) would certainly beg to differ on this being "secure". A foreign entity having this kind of control on their machines?
NSA has already thrown considerable weight behind Security Enhanced Linux. The good news is that NSA has to pretty much approve all software installed on US government machines on any large scale. You can bet your booty that there will be some security/encryption protecting government machines but it will be the spooks behind the triple fence doing it and not M$.
We already see a fragmenting now between consumer and business. XP is being deployed on home user machines more and more while Uncle Sammy won't even consider it.
Too bad for M$, it was just enough time for the alternative to gain heavy credibility.
So for home users, sure they'll get "protection". Sadly for M$, you screwed up too badly for too long. The Linux genie will not go back into the bottle.
Thankfully for all of us. -
Re:Why does it matter?
They have this tendency to think that because someone reads a particular author, teaches or studies a particular subject, belongs to some demographic group or simply has friends/neighbors/relatives to whom any of the above apply, he or she is actively plotting against the government.
This happens most often in dictatorial regimes, but democracies are not immune, and the US has its history (cold war? remember?).
Yeah, like the Rosenbergs!
Whoops, guess not. Turns out the Venona transcripts show pretty clearly that they were in fact spying against our nation, that the American Communists were in fact lackeys of Moscow, and that many of Joe McCarthy's allegations were correct.
I'm glad the Communists were persecuted during the Cold War. It is clear they were enemies of this nation, and deserved all they got and then some.
-ccm
-
NO! It was discovered 8 days earlier! MOD UP!
-
NO! It was discovered one week earlier
-
Oh, I know
- I am interested in hearing about examples of corporations and government agencies, from around the world, using GPL software as part of an inhouse development effort.
Well, the NSA seems to be pretty keen on Linux. I know they're not that big or important, and they don't know much about technology or the law or anything...
;-) -
What I use to further Open Source at the Army....
I am a lone outpost of open source in the military agency where I work. My solution, just show them the NSA funded SE Linux information.
Who are the green suiters going to trust? A bunch of paid "think tank" lackeys or the good ole spooks behind the triple fence? If it WASN'T safe I don't think the NSA would be wasting its time on it.
So far NSA's advocacy has been used to let me get away with all kinds of open source implementation. The MITRE report was even sponsored by the Army. I haven't even exploited that angle yet. -
Re:Easy linux virus transport format:
You could take a look at the NSA's Security Enhanced Linux patch, which allows for a much finer-grained control over access to files on the system. It's a bit complex but it sounds like the answer to your question.
-
Re:NSA not even mentioned.
NSA SELinux is (currently) not meant to be a secure Linux distribution. It's rather something like a "Demo"-Implementation of MAC in the Linux-Kernel.
Quotes: NSA SE-Linux FAQ
13. Is it secure?
[...] Put another way, "secure system" means safe enough to protect some real world information from some real world adversary that the information owner and/or user care about. Security-enhanced Linux is only a research prototype that is intended to demonstrate mandatory controls in a modern operating system like Linux and thus is very unlikely to meet any interesting definition of secure system. [...]
16. Did you try to fix any vulnerabilities?
No, we did not look for or find any vulnerabilities in the course of our work. We only changed enough to add our new mechanisms.
You can find the full SE-Linux FAQ here -
NSA not even mentioned.
Interesting that the NSA security enhanced linux is not even mentioned.
http://www.nsa.gov/selinux/
--
I vote for OpenBSD -
Re:problems?
[...] and the spooks start taking an interest in our favorite OS (Linux).
Uhhh, yes, they have an interest in it, and they seem to like it also.
-
Government Using Linux More Often
It seems like every day more and more Governments are using Linux as a solution to their computing needs. Check out what the NSA is working on for Linux (including source). EVEN the US government is using Linux ( micro$oft home base) is located !!
Here's an interesting article from Wired that covers Linux use expansion into governments. Finally the government is waking up to the fact that our tax dollars do not have to go to those greedy bastards. -
Re:Enough of this crap..
security, linux, and did you say NSA?.
NSA's Security-Enhanced Linux -
Someone should tell the NSA!
Because they have the source for their Security Enhanced Linux available for download. We'd better tell them that security through obscurity is much more efficient, eh?
;-) -
Re:Security through Obscurity isn't all bad...
The NSA does disclose their systems. If I remember correctly the NSA had a helping hand in many of the publicly available crypto routines.
They also released Secure Linux
Also the NSA is also about *breaking* systems, which they thankfully don't release the source to. -
Here's the solution....
I am a lone outpost of open source in the military agency where I work. My solution, just show them the NSA funded SE Linux information.
Who are the green suiters going to trust? A bunch of paid "think tank" lackeys or the good ole spooks behind the triple fence?
So far NSA's advocacy has been used to let me get away with all kinds of open source implementation.
Of course, NSA has an agenda too I'm sure but that's between the military and NSA. -
mandatory access control
No one does it, which is why security is in such a sad state of affairs, but what you want is an operating system that supports mandatory access control. Like Security-enhanced Linux, for example.
-
Re:Nothing like drumming up business for yourself
I was disturbed to read in the report that DoD is now suspended from using software that has not been checked by the NSA. I hope that this applies to networking and web hosting software only . . . and that Mitre is on the task (as an NSA contractor) to test Linux and make sure it gets a presence soon in that front.
Nah, they can just use the NSA's Linux Distribution...
-
Re:Considering the Echelon project is surrounded..
neither NSA nor Echelon officially exist...
Uh, not only does the NSA exist, it even has a website, complete with slightly worrying kids' section.
-
Re:Under GPL NSA must release source code?
Actually, they (the NSA) HAVE released the source code for their kernel modifications.
-
Re:National Insecurity?
I would like to think that the cryptanalysts at the Dept of Defense would be fully versed in the fallacy of Security through Obscurity, and would make their voices heard.
Actually, there's probably very little cryptanalysis that really goes on within the DoD. It's the National Security Agency that's responsible for the codebreaking and code-making. As far as I can tell from their "About" page, they're technically as independent of the DoD as the CIA and FBI are. Of course, these agencies are supposed to work together, but the recent flap over how much the gub'ment knew about a possible al Quaeda attack shows just how little communication can go on between field offices of the same agency, not to mention between separate agencies!
-
Re:My letter to the Washington Post
You should visit the selinux website sometime. It may give you a clue. Now to demonstrate my ability to cut and paste: 3 selections from their selinux faq:
13. Is it secure?
The notion of a secure system includes many attributes (e.g., physical security, personnel security, etc.) and Security-enhanced Linux addresses only a very narrow set of these attributes (i.e., mandatory access controls in the operating system). Put another way, "secure system" means safe enough to protect some real world information from some real world adversary that the information owner and/or user care about. Security-enhanced Linux is only a research prototype that is intended to demonstrate mandatory controls in a modern operating system like Linux and thus is very unlikely to meet any interesting definition of secure system. We do believe that the technology demonstrated in Security-enhanced Linux will be valuable to people that are building secure systems.
15. Will Security-enhanced Linux be evaluated by the CCEVS?
Security-enhanced Linux has not been evaluated and there are no current plans to have it evaluated. Security-enhanced Linux is not designed to address a complete set of security concerns as represented by a protection profile. Although it would be possible to evaluate its current functionality, we believe such an evaluation would have limited value. We do look forward to insightful reviews and critiques of the work as part of working with the Linux development community. We also hope to work with others to incorporate this technology into a more complete system that would be a more appropriate and useful target of evaluation. (For more information about CCEVS evaluation, visit their web site at http://niap.nist.gov/cc-scheme/.)
17. Is it approved for government use?
Security-enhanced Linux is not part of any currently approved version of Linux and has no special or additional approval for government use over any other version of Linux. -
Ignorance Is Bliss
"Stenbit said he is unaware of any open-source software that has been tested."
He did not say that he is someone who should know anything about open-source software. He does have an interest in not knowing certain things.
Yes, the NSA Linux security patches are visible right on the front page of the NSA site. That does not mean it has been tested nor audited (not that auditing without source code is a useful exercise).
-
God bless the NSA
There are many posts here about the NSA and testing software for security, and a few arguments about their Security-Enhanced Linux project. From the NSA's Security-Enhanced Linux FAQ:
Why was Linux chosen as the base platform?
Linux was chosen as the platform for the work because of its growing success and open development environment. Linux provides an excellent opportunity to demonstrate that this functionality can be successful in a mainstream operating system and, at the same time, contribute to the security of a widely used system. A Linux platform also offers an excellent opportunity for this work to receive the widest possible review and perhaps provide the foundation for additional security research by others.
For once I'm rather relieved that Big Brother is watching...and realizing the point, and even helping the cause. Go USA. -
Re:Under GPL NSA must release source code?
NSA does release the source code for Security-Enhanced Linux. Click on the above link for the project page and download.
SELinux is not well understood. NSA has built a version of Linux with a mandatory security module. The idea is to allow people to experiment with a system that enforces mandatory security (which can be tough to live with) and to develop apps that can work within that model.
If you want to move things along, download SELinux and make some application work within a mandatory security model.
-
No NSA Secure Open Source?
From the article:
To that end, the Defense Department is now prohibited from purchasing any software that has not undergone security testing by the NSA. Stenbit said he is unaware of any open-source software that has been tested.
What about SE Linux from the NSA? -
NSA's Security-Enhanced Linux
See their selinux page.
-
Re:Phil Zimmerman?
I am not Phil but I worked on PGP 1.x through 2.x or so, mostly on one of the ports. First a bit of history.
Theoretically PGP in the early days could use RSAREF from RSA Labs but it needed some calls that were not in the published interface and thus broke RSA Labs non-commercial licence.
The thing is that Phil requested that none of our software was GPLed as he wanted to try to use parts of it commercially. Fair enough, he would keep the non-commercial version as open as he could. Actually it was pretty open by then because contributors were working in France, Germany, even, I think, Russia.
When the program was first passed to Viacrypt, they had their own licensed RSA engine and could drop it into PGP. However PGP still used another patented algorithm, IDEA. This had to be licensed (about $15) for commercial users.
Viacrypt then got swallowed by NAI or at least PGP was transferred with it together with Phil Zimmerman. PGP moved away from algorithms like RSA and IDEA so didn't have so many patent issues. We ended up through Phil's efforts with a version of PGP free for non-commercial use and a licensed version for the corporates. However, many of the platforms were dropped.
The source code of PGP was printed by MIT in an OCR friendly font and the whole thing was exported legally to Norway, scanned and put up on the pgpi server. Later, NAI did something similar to get the code to their office in Switzerland and with the availability of commercial PGP in Europe, the free version went non-commercial only.
NAI stopped publishing source code after 6.5.8 so a lot of people stopped there with that release. Strangely, a commercially licensed user was not allowed to recompile from the free source.
Ok, history lesson over. PGP always has had a bit of a chequered past because some people don't like it one little bit. It was a difficult product to sell but NAI seemed to have had a steady business with it. That they dropped it after 9/11 came as no surprise to anyone (it may have been making money but not enough to want to compromise sales of other s/w to the US government). However, in the background we have the OpenPGP standard (well, RFC) being developed that gave a chance for other interoperable programs like GnuPG to be developed. This project has the backing of the German government, who seem to believe in strong encryption for the masses. The software is currently far from perfect (try recompiling the Windows version), but it works and without the patented algorithms. There are some front-ends that make it reasonably user friendly. It isn't there yet, but it will be.
In the mean time, I have seen PGP in use in Central Asia, not by terrorists, but by a Central Bank for interbank money transfers. That terrorists and criminals have used PGP is certain, but so do people like Amnesty and the Red-Cross. The use of PGP to co-ordinate attacks against the US is a massive red-herring to cover up incompetence by the FBI and INS.
-
Re:"It made a difference for that one starfish."
Please name an operating system that is secure.
If by "secure" you mean "100% secure", then you're right, there isn't. In any case, an OS is only as secure as the Administrator that sets it up.
However, if by "secure" you mean "a lot more secure than any Microsoft OS", then I suggest you look into the NSA's Security-Enhanced Linux. And, yes, the source code is available. The fact is, MS products were never designed with security in mind, and therefore are intrinsically less secure than many other OSes, including a well-configured Linux or BeOS installation. It's not a matter of personal opinion, now: even Allchin candidly agrees! -
British Film misrepresents the history of Enigma
The currently showing British movie, "Enigma" (reviewed recently on /.) also misrepresents history.
In this movie the Brits invent the "bombe" decryption machine and crack the Enigma. In reality however, the importance of Enigma was first discovered by the Polish intelligence service, who were the first to crack it. Poland provided England with full specifications for Enigma and the design of the "bombe". Enigma started as a commercial product, so its basic design was not a secret. The Brits did excellent work in building on this treasure, but this Brit movie was as unfair to Poland as U571 was to Britain.
The U.S. did by far the most spectacular reverse engineering job of the war when it reverse engineered Japan's "Purple" machine without ever seeing the real thing.
If you are interested in this subject, you must visit the NSA's National Cryptologic Museum.
Jim -
National Cryptologic Museum has an Enigma
If you're interested in cryptography, and you can get to Maryland (USA), visit the National Cryptologic Museum. Among other things, they have an Enigma there. If you can't go and visit yourself, here's their picture and a short description of the Enigma. They have lots of other exhibits too, and there's no entrance fee. Last time I visited, they even let you play with an Enigma, so you could encrypt and decrypt messages with it.
-
Security for RedHat's Kernel
As someone in the Information Security field, I am constantly working to improve the security of Linux machines.
One of the low points of Linux administration is that very few daemons are chroot'd, and the few that are, don't have much protection because of the Linux kernel's very weak chroot protection.
Projects like OpenWall, GRSecurity, and SELinux (from the NSA), all attempt different solutions to this problem.
Of course, they are all incompatible with each other, but the problem remains that the Linux kernel, as shipped by RedHat is insecure when it comes to chroot protection.
Will this ever change, does RedHat care, and if so, which of these projects do you personally feel is most appropriate to lead the way in the future?
-
Hmmm
I guess by first, they really mean second.
And as for worrying about what the FBI will do, I imagine that the FBI will just let the NSA (National Security Agency) do their jobs.
Sorry, normally I don't complain but sometimes I just can't help it. -
We know what this means...
It's been said before and it bears repeating...
If it can be done, chances are that someone has been doing it for a long time. -
Re:This problem can be solved by...
I know you were talking about Windows, but all of those ideas will be implemented by Debian sometime (hopefully soon) (it currently lacks package maintainer sigs) and are implemented by NSA's SELinux. In fact, Russell Coker has already put the selinux packages into the Debian database, so only the first part needs to be implemented in full now.