Yeah, people on other unices actually write scripts to do work. They get triggered, and run as user "oracle" or something like that.
Generally out of cron, which runs them as user oracle in a vanilla controlled environment, not whatever random or malicious environment some user running the scripts externally might set up.
. Instead, we'll get something worse: people writing binaries that SUID and execute any random shell script
Like sudo? For interactive work Mac OS X already has a mechanism to do this more safely, and for batch... well... if they're not already doing it for Linux systems that don't support setuid scripts, and didn't do it for UNIX before the brief life of setuid scripts, why would they start now?
TANJ, man, setuid scripts didn't even exist as a concept for most of UNIX lifetime, because scripts were run by the shell... not directly by the kernel: every program out there did something like:
if ( (pid = fork()) == 0 ) {
execl(program, program, filename, NULL); /* exec failed, try it as a script */
execl("/bin/sh", "sh", program, filename, NULL); /* panic! No shell! */
perror("/bin/sh");
exit(-1); } ...
Obviously in this scenario, since/bin/sh isn't setuid, setuid scripts won't work. Until they came up with the "#!" hack in the '80s there wasn't even a mechanism by which setuid scripts could be implemented.
It didn't take long before it was obvious that setuid scripts were a REALLY bad idea, and they've been backed out of one UNIX version after another. this isn't a matter of redefining a feature as a bug, it's a matter of asking "what took you so long?"...
Whoever approved this story should be ashamed of themselves. There's more than enough REAL news that matters...
People constantly are coming up with new ways to get a phone, run up a huge airtime bill, and then disappear.
That sure sounds good, but if he'd said that I'd still have called bullshit.
I was buying a prepaid card... it's good for a certain amount of airtime and then it goes dead and I was paying for the airtime ahead of time and I was providing my own phone.
The company had absolutely NO exposure that would justify a deposit. None. It's not "a perfectly reasonable precaution", it's a scam.
they aren't saying that you're a criminal any more than you're saying you're a reckless driver by buying insurance.
This is like requiring I take out car insurance to ride in a Taxicab.
How about the example of a work laptop which is plugged in at home, exposing it to various risks and is also VPN'd into the corporate network and also dock to the corporate network while at work.
If it's running Windows, of course it needs a client firewall in that case. Not because a client firewall is a great solution, but because Windows has no better solution in that case. Then the biggest risk becomes third party software (games and stuff, particularly the kind that is subsidised by spyware), same as with non-windows boxes.
If it's VPNed in, then the VPN solution has to include a firewall between it and the corporate network as well. That's sort of non-negotioable... a VPN brings the machine at the other end into the network boundary... so you have to treat it as part of your firewall.
And if a customer needs privileged access then that customer gets his own DMZ with proxies for the servers they need access to. I simply don't see how a client firewall on a customer's laptop can be trusted to enforce my security policy. Seriously. How would you implement it? In a lot of cases neither I nor the customer even has legitimate administrator access to their laptop to install the client firewall with.
Yeh, I know. The problem is that people don't use it as one line of defense, they use it as their only line of defense. They don't bind apps to specific interfaces and use a network level firewall and MAC-lock their switches in the data center and use client firewalls, they turn on their XP SP2 client firewalls and stop there... and then pass out FUD about how XP is not more secure than Brand X because XP comes with a firewall on by default.
2-way communication doesn't happen on spoofed IP addresses
If someone is inside your external firewall so they can spoof the IP address, then they can respond to the packets. If you don't have an external firewall you're proving my point about people NOT using client firewalls as part of a layered defense.
Client firewalls are just as, and often more protective than a perimeter based firewall because it protects you against inside worms.
No to any significant extent. Because so much of Windows Networking operates over named pipes that all use the same set of well known ports, you really can't do any effective blocking at the IP level and still allow your business software to interact with other computers.
For internal business unit firewalls, if all you can do is client firewalls, I guess that's all you can do.
For example, for customers and vendors, we have a customer DMZ that's got its own firewall and internet connection and no direct connection to the internal LAN. It doesn't even run over the same switches.
be advised that your boxen are open to attack by botnets that mine are protected from because of their client firewall.
Really, how do they get through my border router, proxy firewall and the Cheswick-Bellovin-style dual-router DMZ between business units?
That's the "layered defense" I'm talking about.
I'm not particularly interested in continuing to defend the virtues of a client firewall, because it's like arguing the virtues of using a seatbelt.
I'm using two layers of external firewall with a DMZ and a proxy server. You're wearing a lapbelt. I'm wearing a three-point racing harness *and* driving with a spotter.
The firewall isn't intended to protect the data against sniffing, it's intended to protect against unwanted connections. SSL or SSH don't do this, they only protect the data against sniffing
If SSH allows anyone to connect without a password or key, you've got a really funky configuration. SSL can be configured to do the same thing. Both of them do a much better job protecting you against unwanted connections than IP-based security because it's a lot harder to spoof an RSA or DSA key than an IP address. If you're REALLY worried about encryption overhead, then run with cipher=none.
But since the switch is also properly firewalled, this won't happen unless it's done by a human being in the data center. If that's the case, they can simply take my machines offline and reboot them in rescue mode, having full access to the data anyhow.
In that scenario, what exactly is your client firewall protecting against?
Face it, client firewalls are an absolutely essential tool in properly securing a box.
They're a "better than nothing" tool if your application can't be properly configured or you can't set up a secure network.
BTW, for what it's worth, my database server's firewall log tells me about several failed attempts to connect to MySQL's port every day from a variety of IP's.
Then your switch is not, despite what you claim, properly firewalled and on a trusted LAN. If it was, the external firewall would be keeping them from getting that far.
Why all this elitism and defensiveness whenever the topic of client firewalls comes up?
Because of all the FUD going around about the fact that Mac OS X doesn't ship with the firewall on by default. People are actually saying Windows XP SP2 is more secure because OS X doesn't use a firewall to protect services that aren't running.
Why would the guy want to run an SSH tunnel on his network to connect two systems?
If you're worried about someone sticking a box on your network to mount an attack, then you should be watching out for sniffers as well. If your external firewall can keep sniffers out, then you don't need anything inside. If you don't have an external firewall, get one... at least a cheap NAT router!
It's a home network, not the friggen CIA.
I don't know what the "friggen CIA" uses, but a cheap home-office router is hardly excessive caution. I personally prefer a proxy-only firewall with electrically disjoint subnets and a separate DMZ for each trust domain... I suspect the "friggen CIA" is even more cautious.
My experience is that Windows requires significantly more time from real live humans, either support people or from people fucking around with Windows annoyances instead of working, than Microsoft wants you to believe. And humans cost a lot more than hardware or software.
But if you're going with open source servers, then using the same OS (BSD, Darwin, OS X, Linux, they're all pretty much interchangable) on your desktop is a big win. And most of your desktops can use a Mac Mini for $500, if it breaks swap out another one just like you're already doing with your Wintel desktops... it's way cheaper than Applecare *or* Windows annoyances for any size office.
If you're going with Windows servers, I guess there's SOME point to Windows desktops, but if you're going with Windows servers, your TCO just shot through the roof.
Re:Why is stealth mode pointed out as special?
on
Tiger's 200 New Features
·
· Score: 2, Insightful
Sounds like a job for UNIX domain sockets and proper file system permissions.
Only if his webserver and database server are running on the same machine.
If they're not, you should be using SSL or an SSH tunnel.
If this is still not acceptable, then your options are clear. Do not use XP or any microsoft product from now on.
It's not acceptable that they even implement that option. I'll continue to use Windows 2000 so long as I need to use it, and so long as it continues to work. Where I don't need it, I don't use it... it's not like there's any technical reasons for using Windows other than the applications barrier, and since Apple dumped the appalling OS 9 and came out with a real operating system at last I've had less and less reason to use Windows.
NT Kernel: boobytrapped. OS X Kernel: open source.
Why should there even be a question which one to use?
One big thing I noticed is that W2K takes f-o-r-e-v-e-r to start up on the exact same hardware at work compared to XP.
XP does two things to get this effect. First, it pretends to be "up" before it's really finished booting. W2K does that as well, but it's not nearly as aggressive. Second, it caches stuff that's loaded at startup. That's a nice touch, but faking out the boot sequence is just plain evil and rude.
Sigh. Look up "defense in depth" as it applies to system security.
People typically aren't using client firewalls as part of "defense in depth". They use then instead of properly securing their services, then something funky happens, they turn off the firewall just to work around a problem, and zap.
I've seen it more than once.
What about folks with laptops in varied network environments, but who want to run services for local consumption?
Bind the services to localhost. If you can't do it through the GUI, then tweak the config file or replace the daemon with one that can do the job. If localhost isn't good enough, bind it to a UNIX domain socket. If that can't be done, well, you HAVE the source code. Fix the real problem, first. Client firewalls should be your last resort, not a replacement for the "defense in depth" you're talking about.
Apple Geneva, the Helvetica take-off? All the other Apple "city" fonts? All the versions of Courier, Letter Gothic, and of course Helvetica again and again and again?
The appearance of fonts can not be copyrighted in the US, which means in practice they can't be copyrighted. That's why there's lookalike fonts all over the place.
But, even if you ran out of times to activate over the Internet, doing this over the phone is a joke.
You've clearly never the situation where you're sitting in front of a computer in an un-air-condtioned service shack in an oilfeild, the pilot's waiting to fly you back to town in half an hour, you've got a bag of parts and no phone service within 50 miles, and there's a bunch of oilfield workers standing around waiting for you to get the computer up again because they're going to lose their bonuses if you don't.
The very idea that it would be considered acceptable that the operating system of a computer would disable itself if you swapped out too much hardware is, well, simply mind-boggling to me. I don't care how easy it is to "snow Microsoft", this is just utterly incomprehensible. I can not conceive of the confusion in the mind that would lead to any other conclusion.
Try Capitalism: the Unknown Ideal and The Virtue of Selfishness, both by the epochal 20th-century Russian-American philosopher Ayn Rand.
Tried that, required an emetic. I have a soft spot for libertarian philosophy, but there's some things even I can't swallow. Rand's technique of taking a very small part of life and stamping it out like some kind of mad philosophical stencil over everything whether it's applicable or not is why, when people come up with lists of widely accepted moral and ethical works, Ayn Rand's are rarely to be found.
Heck, she doesn't even manage to come up with a really convincing science-fictional handwave for your points #1 and #3, let alone a "proof".
I've had more hardware problem and decreased reliability with 2K over XP.
I've run into a few devices recently where the manufacturer obviously didn't consider Windows 2000 in their drivers, but for devices that support specifically Windows 2000 drivers I can't tell the difference.
That's the bottom line for me. I can't find anything that XP does for me that 2k doesn't do just the same. I'm not a gamer, so I don't know if this is true at the bleeding edge of hardware and if I were I might be more inclined to try Windows XP. But not if the only improvement is a time-bomb set to go off if I don't register my computer with Microsoft.
On the sides. Jogwheel or paired buttons and a "go" button on either side. Then hold the device normally... now you can scroll normally with either hand, and make the button opposite the "go" button a "menu" button. A handheld doesn't have a large enough screen to make 2d navigation essential... just scroll through menus and hit "go" or "menu" for submenus.
And the Win2k to WinXP move, while also having some big under the hood changes (firewall, signed drivers etc), mostly had big UI changes (themes) and Fast User Switching, Automatic Updates (also in 2kSp3 onwards) etc. For the user, and the developer, it was probably worth the price.
Was it? I've eventually backed Windows XP out of every machine that came with XP installed, because it doesn't seem to have any useful functionality not already provided by Windows 2000. The big difference between 2000 and XP is the boobytrapped registration mechanism, and that's got negative value.
I suspect I'm going to be forced to upgrade to XP at some point, and accept the increased hardware requirements and decreased reliability, but I'm damned if I'm going to let anyone tell me it's worth the price. It wouldn't be worth the price even if it was free.
Yeah, people on other unices actually write scripts to do work. They get triggered, and run as user "oracle" or something like that.
Generally out of cron, which runs them as user oracle in a vanilla controlled environment, not whatever random or malicious environment some user running the scripts externally might set up.
. Instead, we'll get something worse: people writing binaries that SUID and execute any random shell script
Like sudo? For interactive work Mac OS X already has a mechanism to do this more safely, and for batch... well... if they're not already doing it for Linux systems that don't support setuid scripts, and didn't do it for UNIX before the brief life of setuid scripts, why would they start now?
"There are many methods which have been used to gain root priveledges from a Unix SUID (Set User ID) script or program." -- What Security problems...
SETUID != SETUID ROOT
Badly used setuid is a nightmare.
Properly used it's paradise.
Isn't ping still run with setuid to root on most Linux systems?
PING IS NOT A SCRIPT
It didn't take long before it was obvious that setuid scripts were a REALLY bad idea, and they've been backed out of one UNIX version after another. this isn't a matter of redefining a feature as a bug, it's a matter of asking "what took you so long?"...
Whoever approved this story should be ashamed of themselves. There's more than enough REAL news that matters...
People constantly are coming up with new ways to get a phone, run up a huge airtime bill, and then disappear.
That sure sounds good, but if he'd said that I'd still have called bullshit.
I was buying a prepaid card... it's good for a certain amount of airtime and then it goes dead and I was paying for the airtime ahead of time and I was providing my own phone.
The company had absolutely NO exposure that would justify a deposit. None. It's not "a perfectly reasonable precaution", it's a scam.
they aren't saying that you're a criminal any more than you're saying you're a reckless driver by buying insurance.
This is like requiring I take out car insurance to ride in a Taxicab.
How about the example of a work laptop which is plugged in at home, exposing it to various risks and is also VPN'd into the corporate network and also dock to the corporate network while at work.
If it's running Windows, of course it needs a client firewall in that case. Not because a client firewall is a great solution, but because Windows has no better solution in that case. Then the biggest risk becomes third party software (games and stuff, particularly the kind that is subsidised by spyware), same as with non-windows boxes.
If it's VPNed in, then the VPN solution has to include a firewall between it and the corporate network as well. That's sort of non-negotioable... a VPN brings the machine at the other end into the network boundary... so you have to treat it as part of your firewall.
And if a customer needs privileged access then that customer gets his own DMZ with proxies for the servers they need access to. I simply don't see how a client firewall on a customer's laptop can be trusted to enforce my security policy. Seriously. How would you implement it? In a lot of cases neither I nor the customer even has legitimate administrator access to their laptop to install the client firewall with.
This means more flash on the net, I suppose.
I can't say I like that idea.
I wrote "about how XP is not more secure..."
I obviously meant "about how XP is now more secure..."
Sorry for the typo.
It's lines of defense, man.
Yeh, I know. The problem is that people don't use it as one line of defense, they use it as their only line of defense. They don't bind apps to specific interfaces and use a network level firewall and MAC-lock their switches in the data center and use client firewalls, they turn on their XP SP2 client firewalls and stop there... and then pass out FUD about how XP is not more secure than Brand X because XP comes with a firewall on by default.
2-way communication doesn't happen on spoofed IP addresses
If someone is inside your external firewall so they can spoof the IP address, then they can respond to the packets. If you don't have an external firewall you're proving my point about people NOT using client firewalls as part of a layered defense.
Client firewalls are just as, and often more protective than a perimeter based firewall because it protects you against inside worms.
No to any significant extent. Because so much of Windows Networking operates over named pipes that all use the same set of well known ports, you really can't do any effective blocking at the IP level and still allow your business software to interact with other computers.
For internal business unit firewalls, if all you can do is client firewalls, I guess that's all you can do.
For example, for customers and vendors, we have a customer DMZ that's got its own firewall and internet connection and no direct connection to the internal LAN. It doesn't even run over the same switches.
be advised that your boxen are open to attack by botnets that mine are protected from because of their client firewall.
Really, how do they get through my border router, proxy firewall and the Cheswick-Bellovin-style dual-router DMZ between business units?
That's the "layered defense" I'm talking about.
I'm not particularly interested in continuing to defend the virtues of a client firewall, because it's like arguing the virtues of using a seatbelt.
I'm using two layers of external firewall with a DMZ and a proxy server. You're wearing a lapbelt. I'm wearing a three-point racing harness *and* driving with a spotter.
I made that point too: once you get inside the firewall's trust boundary, the firewall ceases to be a firewall.
The firewall isn't intended to protect the data against sniffing, it's intended to protect against unwanted connections. SSL or SSH don't do this, they only protect the data against sniffing
If SSH allows anyone to connect without a password or key, you've got a really funky configuration. SSL can be configured to do the same thing. Both of them do a much better job protecting you against unwanted connections than IP-based security because it's a lot harder to spoof an RSA or DSA key than an IP address. If you're REALLY worried about encryption overhead, then run with cipher=none.
But since the switch is also properly firewalled, this won't happen unless it's done by a human being in the data center. If that's the case, they can simply take my machines offline and reboot them in rescue mode, having full access to the data anyhow.
In that scenario, what exactly is your client firewall protecting against?
Face it, client firewalls are an absolutely essential tool in properly securing a box.
They're a "better than nothing" tool if your application can't be properly configured or you can't set up a secure network.
BTW, for what it's worth, my database server's firewall log tells me about several failed attempts to connect to MySQL's port every day from a variety of IP's.
Then your switch is not, despite what you claim, properly firewalled and on a trusted LAN. If it was, the external firewall would be keeping them from getting that far.
* King Richard's Crusade now made obsolete by Robotics (previously Industrialization).
:)
I wonder why this rule change.
Why all this elitism and defensiveness whenever the topic of client firewalls comes up?
Because of all the FUD going around about the fact that Mac OS X doesn't ship with the firewall on by default. People are actually saying Windows XP SP2 is more secure because OS X doesn't use a firewall to protect services that aren't running.
Why would the guy want to run an SSH tunnel on his network to connect two systems?
If you're worried about someone sticking a box on your network to mount an attack, then you should be watching out for sniffers as well. If your external firewall can keep sniffers out, then you don't need anything inside. If you don't have an external firewall, get one... at least a cheap NAT router!
It's a home network, not the friggen CIA.
I don't know what the "friggen CIA" uses, but a cheap home-office router is hardly excessive caution. I personally prefer a proxy-only firewall with electrically disjoint subnets and a separate DMZ for each trust domain... I suspect the "friggen CIA" is even more cautious.
It's called TCO (Total Cost Ownership).
That's the Microsoft Mantra, yep.
My experience is that Windows requires significantly more time from real live humans, either support people or from people fucking around with Windows annoyances instead of working, than Microsoft wants you to believe. And humans cost a lot more than hardware or software.
But if you're going with open source servers, then using the same OS (BSD, Darwin, OS X, Linux, they're all pretty much interchangable) on your desktop is a big win. And most of your desktops can use a Mac Mini for $500, if it breaks swap out another one just like you're already doing with your Wintel desktops... it's way cheaper than Applecare *or* Windows annoyances for any size office.
If you're going with Windows servers, I guess there's SOME point to Windows desktops, but
if you're going with Windows servers, your TCO just shot through the roof.
Sounds like a job for UNIX domain sockets and proper file system permissions.
Only if his webserver and database server are running on the same machine.
If they're not, you should be using SSL or an SSH tunnel.
If this is still not acceptable, then your options are clear. Do not use XP or any microsoft product from now on.
It's not acceptable that they even implement that option. I'll continue to use Windows 2000 so long as I need to use it, and so long as it continues to work. Where I don't need it, I don't use it... it's not like there's any technical reasons for using Windows other than the applications barrier, and since Apple dumped the appalling OS 9 and came out with a real operating system at last I've had less and less reason to use Windows.
NT Kernel: boobytrapped.
OS X Kernel: open source.
Why should there even be a question which one to use?
One big thing I noticed is that W2K takes f-o-r-e-v-e-r to start up on the exact same hardware at work compared to XP.
XP does two things to get this effect. First, it pretends to be "up" before it's really finished booting. W2K does that as well, but it's not nearly as aggressive. Second, it caches stuff that's loaded at startup. That's a nice touch, but faking out the boot sequence is just plain evil and rude.
Sigh. Look up "defense in depth" as it applies to system security.
People typically aren't using client firewalls as part of "defense in depth". They use then instead of properly securing their services, then something funky happens, they turn off the firewall just to work around a problem, and zap.
I've seen it more than once.
What about folks with laptops in varied network environments, but who want to run services for local consumption?
Bind the services to localhost. If you can't do it through the GUI, then tweak the config file or replace the daemon with one that can do the job. If localhost isn't good enough, bind it to a UNIX domain socket. If that can't be done, well, you HAVE the source code. Fix the real problem, first. Client firewalls should be your last resort, not a replacement for the "defense in depth" you're talking about.
Apple Geneva, the Helvetica take-off? All the other Apple "city" fonts? All the versions of Courier, Letter Gothic, and of course Helvetica again and again and again?
The appearance of fonts can not be copyrighted in the US, which means in practice they can't be copyrighted. That's why there's lookalike fonts all over the place.
I call FUD.
But, even if you ran out of times to activate over the Internet, doing this over the phone is a joke.
You've clearly never the situation where you're sitting in front of a computer in an un-air-condtioned service shack in an oilfeild, the pilot's waiting to fly you back to town in half an hour, you've got a bag of parts and no phone service within 50 miles, and there's a bunch of oilfield workers standing around waiting for you to get the computer up again because they're going to lose their bonuses if you don't.
The very idea that it would be considered acceptable that the operating system of a computer would disable itself if you swapped out too much hardware is, well, simply mind-boggling to me. I don't care how easy it is to "snow Microsoft", this is just utterly incomprehensible. I can not conceive of the confusion in the mind that would lead to any other conclusion.
Try Capitalism: the Unknown Ideal and The Virtue of Selfishness, both by the epochal 20th-century Russian-American philosopher Ayn Rand.
Tried that, required an emetic. I have a soft spot for libertarian philosophy, but there's some things even I can't swallow. Rand's technique of taking a very small part of life and stamping it out like some kind of mad philosophical stencil over everything whether it's applicable or not is why, when people come up with lists of widely accepted moral and ethical works, Ayn Rand's are rarely to be found.
Heck, she doesn't even manage to come up with a really convincing science-fictional handwave for your points #1 and #3, let alone a "proof".
I've had more hardware problem and decreased reliability with 2K over XP.
I've run into a few devices recently where the manufacturer obviously didn't consider Windows 2000 in their drivers, but for devices that support specifically Windows 2000 drivers I can't tell the difference.
That's the bottom line for me. I can't find anything that XP does for me that 2k doesn't do just the same. I'm not a gamer, so I don't know if this is true at the bleeding edge of hardware and if I were I might be more inclined to try Windows XP. But not if the only improvement is a time-bomb set to go off if I don't register my computer with Microsoft.
On the sides. Jogwheel or paired buttons and a "go" button on either side. Then hold the device normally... now you can scroll normally with either hand, and make the button opposite the "go" button a "menu" button. A handheld doesn't have a large enough screen to make 2d navigation essential... just scroll through menus and hit "go" or "menu" for submenus.
What do you mean "was"?
And the Win2k to WinXP move, while also having some big under the hood changes (firewall, signed drivers etc), mostly had big UI changes (themes) and Fast User Switching, Automatic Updates (also in 2kSp3 onwards) etc. For the user, and the developer, it was probably worth the price.
Was it? I've eventually backed Windows XP out of every machine that came with XP installed, because it doesn't seem to have any useful functionality not already provided by Windows 2000. The big difference between 2000 and XP is the boobytrapped registration mechanism, and that's got negative value.
I suspect I'm going to be forced to upgrade to XP at some point, and accept the increased hardware requirements and decreased reliability, but I'm damned if I'm going to let anyone tell me it's worth the price. It wouldn't be worth the price even if it was free.