
List:       firewalls-gc
Subject:    airfhack--secure/hacked web server
From:       mrwilhe () odin ! cmp ! ilstu ! edu
Date:       1997-01-02 18:59:26

for some reason this was not posted the first time i sent it:
On the idea of the ram mem--it would have to be something special--only
changed by physical means(rebooting?)--one could not inflict something of
non-physical forces to change the ram. (sorta like bios holding a
passwd--you can clear the password by  taking the chip out -- yes i know
there are ways around this, but something similar for the ram mem/disk would
suffice to keep it from being hacked.  

Another statement that was brought up was that cd-rom or other write once or
a physical write lock on the hard drive(hd prob more practical) would being
able to change the page often-- my statement i made at first was meant for
only sites that don't change their pages often -- not pages such as
www.news.com.  I don't believe that the  main pages of the
cia/dia/fbi/nsa/ni/and other sites that hold stats.....  change their pages
that often.  

fsh <mrwilhe@odin.cmp.ilstu.edu>
<<<"the only system that is truly secure is one which is switched off and
unplugged, locked in a titanium lined safe, buried in a concrete bunker, and
is surrounded by nerve gas and very highly paid armed guards.  Even then I
wouldn't stake my life on it." Gene Spafford>>> <more true than we would
like to think>


The following are some of the major points made on this subject (sorry if i
left out some).

"Seriously: why not just put it on a separate disk which is mounted
> read-only?  If you want to go further, you could buy a suitable harddisk
> which can be write-locked by hardware. 
regards:jamie"


" The Web server would have to be based on all write once media -- from the
> Operating systems and all other aspects, otherwise the attacker would just
> redirect the homepage contents to a hard drive.  

Doesn't matter, I could just launch a server that redirected you to a 
site with the content mirrored and altered, or serve the pages out of 
memory, or off of RAM disk."
From: "Paul D. Robertson" <proberts@clark.net>


"A CD-ROM -based web server would be fine if you created web pages,
pressed a CD, and then never again expected to add/delete/modify
the content. But this is The Real World (tm)."
Mark Johnson <mark@hercules.reno.nv.us>


"Not to disagree with anything Paul has said, because I don't, but the
original premise was government web sites not high volume web sites. How
often does the Air Force's web pages need to change? Not too often I
would wager, they don't *need* re-visits, they don't have advertising
(at least I would expect they don't, I haven't checked actually), they
are there just to provide some mostly static information. Given that, I
think there is merit to a write-once media approach. But not, as Paul
and others point out, as a general solution."
Dave Kinchlea <security@kinch.ark.com>

[from Michael Idengren:]
> I don't know about the rest of you but I agree with the idea of putting a
> webserver on a CD-ROM.

[from Thomas Leitner:]
> why not just put it on a separate disk which is mounted
> read-only?

[from Dale Drew:]
> Using a CDROM web-server doesn't provide resistance to an 
> attacker who gains access to the system as ROOT...

Keep in mind that this entire thread assumes that the attacker will *not* 
take an easier approach, such as compromising the DNS records that point to
the server.  In this case, the attacker can create any web content they like,
spend all the time in the world creating it, and then quickly convince the
DNS servers that www.foo.com now resolves to the new (fake) address.  Securing
your www server is just a first (although important) step.

I do think read-only media is an interesting idea, by the way :)  Dale is 
right though, there are still vulnerabilities.  Personally, I like the idea 
of marking the files immutable myself.  This way, even root can't change the
content unless the machine is brought down into single-user mode.  Not sure
how many other operating systems support this other than (the great) BSDI
though.

Happy new year (2 minutes to go...),
Norm


1.  My comment was partially meant as a joke, it's horribly impractical
for ISP's and Universities and such to require operator intervention
every time a webpage needs to be updated.  Such a level of paranoia
*might* only be appropriate for government agencies and authoritative
advanced research sites.
From: Michael Idengren <midengre@stetson.edu>
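
Added example, not part of the original thread: a Python audit of the two measures suggested above, a read-only mount for the document root and BSD immutable file flags. The function names are hypothetical; it assumes a Unix system, and on platforms whose stat() has no st_flags (such as Linux) it reports flags as unsupported.

```python
import os
import stat
import sys

# System- and user-level immutable flags as defined by BSD chflags(2).
IMMUTABLE = stat.SF_IMMUTABLE | stat.UF_IMMUTABLE


def is_immutable(st_flags):
    """True if a BSD st_flags value carries schg or uchg."""
    return bool(st_flags & IMMUTABLE)


def mounted_read_only(path):
    """True if the filesystem holding `path` is mounted read-only."""
    return bool(os.statvfs(path).f_flag & os.ST_RDONLY)


def audit_docroot(docroot):
    """Return (read_only, unprotected_files, flags_supported) for a docroot.

    unprotected_files lists regular files without an immutable flag. Where
    stat() exposes no st_flags, every file is listed and flags_supported
    is False, so the caller cannot mistake "unknown" for "protected".
    """
    read_only = mounted_read_only(docroot)
    unprotected, flags_supported = [], True
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            flags = getattr(st, "st_flags", None)
            if flags is None:
                flags_supported = False
                unprotected.append(full)
            elif not is_immutable(flags):
                unprotected.append(full)
    return read_only, sorted(unprotected), flags_supported


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    ro, files, supported = audit_docroot(root)
    print("read-only mount:", ro)
    print("immutable flags supported:", supported)
    for f in files:
        print("not immutable:", f)
```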
