Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 20 million monthly users. It takes less than a minute. Get new users downloading your project releases today!
Anyone happen to know if the NSA (or a similarly respected group) has information on locking down, say, Red Hat 7.1? Can't seem to find it on their website... I'm sure they're running something other than just Win32.
Oh no! You gave our secret password away! And it will be so hard to change!?!!!? (We hardcoded it in with a 'if (password eq "nsaspooks") {logged_in=1;} else {logged_in=0;}'
"You mean, like NTFS' ACL? Which NT had since forever? "
No - because it applies to processes too. For example you can't cut and paste (or pipe, I don't think SE Linux has an X server yet) classified information into an unclassified document. Much more sophisticated than any form of file permissions.
I have been thinking of that myself and i got to the following conclusion:
If you compiled a hello world program or something similar you could easily debug, view using a hex editor or disassemble the code using any third party tools. That would mean that the "attacker" would have to own the compiler, debugger, and any other tool on the system that could be used to verify the integrity of the compiled code.
If i were the "attacker" i'd put the backdoors on the linked libraries (libc perhaps?) so any program running would be "infected" and they could not be debugged as easily as a simple program.
by Anonymous Coward writes:
on Thursday June 14, 2001 @12:20AM (#152374)
In a gigantic police operation many thousands hackers from a gang calling themselves "Slashdotters" were lifted from their beds and arrested this night for organising a massive DDOS (Distributed Denial Of Service) attack to the main NSA network. It is not yet clear which foreign country payed the leader of this gang known under the name Commander Taco to destabilize the national security of the U.S.
The NSA has the Win2k source code. It's very easy for universities and other establishments to get the source, slightly less easy for large companies, and slightly less easy still for small companies and individuals (although they're changing this as we speak...)
True, but just because they have the source doesn't mean they can hack on it or fork it like they can with Linux.
It's not just apps. The permissions granularity on the filesystem are often misunderstood and misused by sysadmins, who leave their machines open to attack. The issue here is that while Windows is all GUI and easy enough for a monkey to configure (if you're to believe Microsoft advertising), finer points like correctly using the granularity provided are often overlooked because no one knows how to use them. And of course Microsoft is never part of the solution here, they stomp all over their own guidelines (design, installation, security, etc) with their software, so it's a big case of do as I say not as I do.
There's an interesting post [securityfocus.com] on BugTraq that can be boiled down to "Win2k has some great granularity features... unfortunately the apps you are pretty much forced to use with it (Office2k, etc.) stink up that granularity."
Oh you're right about that. Sorry... I just skimmed it since I saw it on the ml and didn't reread it properly. I am curious if Office2k is affected now!
Indeed, I wonder if GNU/Linux distributions were to adopt MAC and CAPS more fully whether or not sysadmins would be up to the task... especially at smaller companies (like mine) where they can't afford the higher end guys to do simple internal MIS stuff. I've actually been kind of glad that Linux has not gone all ACLs yet due to the sheer complexity that that involves. But, when Linus does finally accept a patch for it, I'll thank my stars again that I transferred to the programming department!
They say [nsa.gov]:
"Because of the amount of interest in the Windows 2000 Security Recommendation Guides, we
are updating our Web site to better handle the demands placed on downloading the files. We
expect to make the guides available once again during the week of June 18, 2001."
NSA machines are taken down and scanned regularly for trojans and other guests. A good friend of mine is a physicist for several govt. projects of which he wont talk, but his laptop is replaced every two weeks or so.
Instead, I have to ask, did they return that code to the community?
Yes, they did - which is pretty remarkable for an incredibly secretive organisation like the NSA.
Did they attempt to prevent forking the kernel by offering the improvement for inclusion in the "standard" kernel?
By putting it out there under the GPL, they have. I don't know whether it's planned to integrate with the main tree or not - it may be that the features the NSA require interfere with other things more important for maintream use.
One computer per department that does not have knowledge on it is connected to the net, but is also networked to other boxes in the department that may or may not have knowledge on them. Those boxes, in turn are connected to other boxes in the building that may or may not have knowledge on them, etc....
While what you say is theoretically true, as a practical matter any machine that has any really secret stuff on it is always going to be air-gapped. That is, the machines that really have to be secure are simply not physically connected to the outside world, either directly or indirectly. It's the only way to be sure there won't be a remote exploit...
SELinux also has support for various forms of mandatory access control, and the related (and necessary for the same) labelling of data with
security-related information.
Shoving all that under "capabilities" and then
arguing that since win2k outshines linux in the
granularity of it's permissions model borders on dishonest. Security-feature wise, SELinux is
in a whole different ballpark (B1) from both win2k and Linux.
Pretending that that patch was necessary to get
Linux to be as secure as NT is dishonest (or ignorant).
I suppose technically you could still root it by using microwaves to power the circuits as well as read/write values (van Eck style) into the onboard cache of the processor. You've got a couple kilobytes in the BIOS memory you could use for runtime/firmware stuff. Granted you'd need to get some equipment really close to it but the water might provide a good way to cancel out noise. Hmmm.
I downloaded 'em all (except the three supporting docs that I wasn't interested in) before they turned off the pipe, so if they change something, I would notice. I don't expect them to, though.
The problem is not that they had to fork the linux kernel, but rather that they are forced to make do with whatever Microsoft allows them to do to make their servers secure.....
Forking the kernel can be a good thing, and it shows how flexible linux can be...
Why is this moderated to +5 Interesting? If you read the docs and follow the mailing list you will see that what they are doing is experimenting with manditory access control and the only reason they picked linux was because the source is available and there are a lot of people using it. The project does not aim to create a secure distro - only experiment with a single feature that could lead to more secure distros in the future (and probably not just linux distros)
Actually you are partly right and mostly wrong. They forked linux not to get it as secure as w2k but to make it a secure operating system. Since they had the source code to work with they have worked on adding features to linux to make it secure in a way that other operating systems can not be guaranteed to be.
With their linux dist they get many eyes looking at it and they can do anything they want with the source code to make it as secure as possible.
Given the choice of mostly secure which the nsa can get with w2k and redoing parts of linux to make it actually secure which would you choose? It seems obvious which one the nsa chose. Also they are more changes in their linux dist then just the kernel.
yeah right - "because our Win2k IIS server seemed to get DDos even after we posted our recommendations on securing Win2k against it we are migrating to Linux... we expect to have completed this the week after next"
Man, some of you guys are as automatic as a jack in the box. Give you the right stimulus, get the exact response.
For those of you over 17,
I'm going to tell you a story I heard in a movie. A little boy grows up hating his stern father because he punishes him, while he is very close to his mother because she protects him. He grows up and moves out. Later, when he's about 25, his mother dies unexpectedly at around 50. At her funeral, he's silent. His father continues to remain estranged to him but lives to an old age, and dies at 75 when the man is now 50. As he's standing at his father's graveside, he finds himself sobbing uncontrollably.
The point is that when his mother died, it was unfortunate. But, when the father died, the man, who hated his father so much, now no longer had the hate to keep him going.
The movie was a movie about how Nazis and Jews. It reminds me very much about how some of you act. Please be more interesting. [Saint Stephen]
ACLs provide very little security in
a practical sense because they are
almost impossible to administer.
Capabilities, (not the dumbass privileges of
POSIX) are the only easily administered general
security model. They are a lot less work for the kernel too.
It is simple for the child to have only the rights that the parent had at the time of the fork.
The trick is to have the child lose the rights whenever the parent loses the rights.
And they forked linux because they could it being open source and all. They would undoubtedly have done the same with win2k, but they can not because it is closed source.
The NSA has the Win2k source code. It's very easy for universities and other establishments to get the source, slightly less easy for large companies, and slightly less easy still for small companies and individuals (although they're changing this as we speak...)
So if a million of us chip in a dollar and pay for access to the W2K source all of us can see it? I don't think so.
The W2K source is available for corporations with the funds. There will never come a day when CompSci students can learn OS design by looking over MS's source.
I just tried to go to the SE Linux page and it looks to be pretty well slashdotted. I wonder if we'll see any stories about DoS attacks on the NSA in the news because of this post...
Step 1: Disconnect the network cable.
Step 2: Disconnect the keyboard
Step 3: Disconnect the mouse
Step 4: Disconnect the monitor
Step 5: Turn the computer off
Step 6: Unplug it
Step 7: Remove the harddrive and lock it in a safe somewhere where nobody will ever think to look for it, then promptly forget where you left it.
Step 8: Kill yourself just to be sure you don't accidently ever remember
Notice about the availability of the Windows 2000 Security Recommendation Guides:
Because of the amount of interest in the Windows 2000 Security Recommendation Guides, we are updating our Web site to better handle the demands placed on downloading the files. We expect to make the guides available once again during the week of June 18, 2001.
Why should I freely work for them for a product that they will turn around and charge me for, you ask.
If you're even a halfway productive beta tester, you don't have to pay for the OS. At least, i've never had to.
Plus, its knowing you have access to a pre-release OS in its formative stages, watching it grow and having more input than the average joe into the development of a platform destined to go on thousands of PC's. It also has benefits when it comes to one's career - When one of my previous employers moved to 2000, I already had extensive experience in 2000 and knew it intimately - moreso than any of the other NT admins. This provided a distinct advantage for me within the company which is beyond the scope of this post.
They finally post a/. article that isnt directly attacking windows - and seemingly people crawl out of the woodwork to provide a kneejerk reaction to the words "Windows" and "Secure".
Heres a small dose of insight, from someone who's beta tested MS operating systems for 5 years (or so.)
Microsoft listens to users suggestions. They may not respond to you, they may not integrate them into the OS. But they do listen. MS does not make an insecure operating system on purpose - Beta testers have a whole newsgroup to focus on security and how to improve it before the final build is released. Its part of their role and responsability to test for exploitable security holes - if you don't think they're doing a good enough job, how about you send a request to betareq@microsoft.com and ask to be on the next beta team for windows. Keep in mind though, they usually only want experienced users and there are checks and balances to make sure you're a functional beta tester - not just someone who enjoys bragging about having teh leet XP build #x.
The beta process is not perfect, IMHO - Bugs do get knocked down (i've thought for a long time they should let the beta testers moderate bugs) and i have an extreme distaste for setting a release date before the beta testers agree that testing is complete. XP is remarkable right now, but not perfect. This part is MS's fault.
If you have an intelligent, well-thought-out, non-kneejerk "windows sucks *chortle*" suggestion/comment regarding windows - you may go to http://www.microsoft.com/mswish/
(p.s. - When you list your beta testing experience, the following line is a bad, bad idea: "I tested (unofficially) Windows XP, 2000, ME, 98SE, 98.... you get the idea. har har har *snort*":)
NSA has two halves. One half has the purpose of recommending security systems (e.g. DES many moons back).
Ah yes - DES which was deliberately weakened from 128 bits (which was the original recommendation) to 40 (which the NSA could break but hoped nobody else could)
and this supports your argument how? --
I think it would be more appropriate to say they took an OSS product, and modified it to suit what they wanted it to look like - as doing so is one of the strengths of Open Source.
I doubt they actually WANT secure versions of windows out there - several governments seem to be viewing windows with mounting suspicion for official use.... --
That's not that hard, really. A program owned by some user will never have more permissions than that user, right? So just have a permissions mask for every program, as well as every user. ------
> The W2K source is [only] available for corporations with the funds. There will never come a day when CompSci students can
learn OS design by looking over MS's source.
Just because you can see source doesn't mean that it is open source. Microsoft won't let you change the source code or build your own version of w2k. They will (for a large fee) let you look at the source to make your code work better, but they have so many rules and restrictions on the code that it next to impossible to do anything useful after you've seen the code.
1) never ever give out your password (except to us of course - you can trust us (really!)).
2) use encryption, but only really stupid encryption so that we can read it.
3) please please please use Windows - it is waay more secure than unix ok? (really!).
4) all your base are belong to us
Great link, sorry I used up my mod points. One correction though, the posting doesn't mention Office2k, but "Word 97, Excel 97, Visio 5.0" (these are examples, not necessarily all the apps that have the fault mentioned). Pretty old programs to be using, especially if you're using Win2k for the OS. ---
Eh, doubtful. The method used to save a file that the article is talking about is rather Bass-Aackwards, of course, that makes it 100% suitable for an Micro~1 product. And the fact that it's present in Office 97 products removes the option to say "I can't see them doing file-saves like this". ---
In my experience, it's always the fault of stupid admins who don't properly setup and patch their OS (any). But, here it is in a simple nutshell, everything you need to run a secure W2K/IIS box.
Install W2K Server.
Install Service Pack 2
Install this IIS patch: http://www.microsoft.com/windows2000/downloads/cri tical/q293826
OK - lets see someone "root" that box. I can positively guarentee you won't find any box with these two simple patches applied being defaced!
Is this really that hard people? W2K is secure. IIS is not nearly - but can be with a single patch (it's a rollup of all previous patches).
So you worked for Microsoft for 5 years. I hope you made a lot of money. You certainly made them a lot of money.
Did you know that some beta testers even pay to test for Microsoft (as in: I bought winxx rc2 and sent in bugs)?
Has anyone a decent explanation for this behaviour? And is there a way I can make a profit from letting other people do the same for me? Please let me know.
A couple of years ago a Dutch computing magazine organized a contest to find the most bugs in Microsoft winxx rcx. You had to pay to buy the beta software (which would work for a limited time). Prizes were minimal: something like being mentioned in the magazine and somewhere on a website and some cheap electronics (Possibly you could even win some licences for the real thing, I don't remember).
Hundreds of people joined the contest. How is that for cheap labor;)
Yes, it's probably too elementary for your subtle and keenly-developed sense of computer security, but these guidelines might actually be useful to the great unwashed masses, many of whom die in droves while
crossing the street, talking to strangers, clicking through default W2K security settings
If 90% of the computer security fatalities are a result of supposedly trivial things to fix, that does not make it any less helpful and useful to suggest trivial fixes, given how much grief can be saved.
Anyone care to speculate on what DoD's reaction to a full-scale slashdotting would be? Given that they report routine pings and port scans as "attacks" I imagine their reaction to this unsolicited SYN flood would be similarly excessive.
Now, I've worked with security-clearance-required data before. I think it's absolutely fascinating to consider encoding the clearance level and need-to-know requirements into the filesystem. As others have noted, Linux is the only OS extant they could have done this kind of work with.
This is probably the most false claim I've ever seen on Slashdot. SE Linux is based on research into
Capabilities: A concept that is literally over a decade old in OS design as can be seen by the POSIX 1.E [xpilot.org] standard that never got drafted (although some people prefer to call what POSIX suggested "privileges" and the fact that many operating systems support "encoding clearance into the filesystem and OS" otherwise known as capailities including Spring [sunlabs.com], EROS [eros-os.org], KeyKOS [agorics.com], and Mungi [mungi.org].
Access Control Lists: Again this is an ancient concept which has been implemented in quite a number of OSEs including some versions of Solaris, *BSD and Win2K.
Both of these concepts are things that Linux either does not support or supports in a limited manner. Currently Win2K outshines Linux in the granularity of the permissions and security model and filesystem support for things like encryption. I'm not an OS bigot and run both OSes at home but seeing something so blatantly false and jingoistic just begs to be challenged.
Color me confused. Wouldn't it be fairly simple to force any process or file to have only the permissions of its creator? I thought that in standard-flavor Linux it was impossible for any user to give a file or process permissions beyond the user's own?
That's fairly easy and rather insecure. The hard part is limiting permissions in small chunks to different programs. Basically, the assumption is that any program is potentially hostile so you want them to run with the minimum amount of permissions necessary. For example, just because I can delete files, send emails and edit the registry in Windows doesn't mean that it is the wisest thing to have any script that runs from my email program have the same permissions that I do, the same thing goes for *nix and all those buffer overflow bugs that exploit setuid(). Ideally I should be able to say "start [web server of choice] but the only thing it can do is listen on port 80 and serve read files from directories A, B, and C and everything else is explicitly disallowed to the apache process"
Interesting, there are about 18 comments as I post this and over half are jokes about unplugging the computer to make it safe. The truth of the matter is that by NSA guidelines no popular operating system is secure enough out of the box and has to be extremely looked down.
What is perhaps even more interesting is that at least Win2K can be secured to a level that is suitable for the NSA, they actually had to fork the Linux kernel [nsa.gov] to get the same functionality out of Linux.
Okay, ignoring the ad-hominem "blatantly false and jingoistic" . . .
Sorry about that, its just sometimes people seem to just be as guilty of spreading FUD as the so-called "evil" corporations that it gets exasperating.
I apologise for those comments.
Now . . . you're saying, if I understand, that the NSA's SE Linux is just hacking the Linux kernel to put in some stuff that's been talked about and even done in other OSes for years?
And stuff that isn't even all that novel for Linux?
Yes and Yes. Actually what regular Linux is implementing (which is different from what the NSA is doing with SE Linux) is POSIX 1.e capabilities or "priviledges" which involves splitting up the permissions typically given to the root user (e.g. can connect to ports under 1024, can mount kernel modules, can change ownership of files, etc) into discrete entities that can be apportioned to other users and processes. This was something that the POSIX folks tried to agree on in the eighties (or is it seventies) but never came to an agreement on how best to implement it. Check out the Linux Capabilities FAQ [kernel.org] for more information.
The NSA is working on "true capabilities" which is being able to grant and revoke extremely granular permissions to all objects/entities in the system. This concept is similar to java.policy files [arm.gov] being maintained for every entity in the system. Making sure that policies can be tracked in such a manner that they are revokable is the most difficult part (e.g. if I lose permissions to connect on a certain port or write to a certain file, then every process or file that I've created should lose those permissions as well).
This is only to be used for non-spying means. Really. There is no need for users to worry about invasion of privacy as we at the NSA are above that.
Additionally, please ensure that you give your files clear names such as "Nuke blueprints" or "Kiddie Porn". We suggest this purely to help you organise your file system.
if you don't think they're doing a good enough job, how about you send a request to betareq@microsoft.com and ask to be on the next beta team for windows. Keep in mind though, they usually only want experienced users and there are checks and balances to make sure you're a functional beta tester - not just someone who enjoys bragging about having teh leet XP build #x.
Or, here's a radical idea, how about I use an OS that doesn't make me go down on my knees for the priviledge of exposing my computer to the risks of a beta version? Who's doing who the favor here, buddy?
The only "intuitive" interface is the nipple. After that, it's all learned.
ACL's, meaning you can give separate read/write/execute permissions to individual users. They don't necessarily need to belong to a certain group to get additional rights.
Additionally you can give users special rights on the OS that don't have anything to do with file permissions. For instance, you can set up accounts that act only to run server processes, and you might give that account permission to act as part of the OS.
Basically, Win2K security is designed around the user, whereas in UNIX security is designed around the file.
Um. May I suggest you read this [nsa.gov] document which explains the philosophy behind the kernel modifications.
Securing Windows 2000 and 'forking' (actually patching) the Kernel were both done with different goals.
In a nutshell, the modifications done to the kernel were done to impliment the 'Flask' security architecture, which (mainly) is about separation between setting and enforcing security policies, and how this is applied to the various types of resources. In addition, SELinux was the by-product of a research project, and is not used operationally by the NSA.
The suggested configurations for Windows 2000 have different goals, and is not a handbook for implimenting the Flask architecture on Windows 2000.
Backdoors are possible in Open Source - if you put them in the compiler.
Suppose I set up a website with my new compiler. I give a binary download and a source download. What I don't tell people is that the binary download contains extra code which adds a backdoor to the software it compiles. It also recognises when it is compiling itself and adds all this extra code.
So now you've got a corrupt compiler which generates back doors.
Of course you have to persuade someone to download the binary compiler first. But if they're working on a system without a compiler - that's exactly what they'll do. Or they installed the compiler direct from the CD.
I'm afraid the only way to 100% sure that your compiler is not corrupt in this way is to write your own. At least one that's good enough to compile another one.
Listen the NSA does use Windows / Linux / Sun basically what ever the person prefers. But all the computers are on a closed network that has no access to the Internet at all. I have been in Fort Meade (NSA Headquarters) and every department has Internet access but it is usually limited to one computer per department that doesn't have any kind of knowledge on it.
The whole point of the specifications that they realeased if any of you accually read the thing before you started bitching about it, was it was for government agencies that were looking to set up W2K systems. By government agencies they probably ment local and state goverment, because the federal government has a set standard for their servers, and it is not W2K. They were doing this as a service to all the stupid Admins out there that mess up their W2K system because they are to retarded to read the manual and set up a good security protocol, and then go on slashdot and complain that Microsoft sucks because the knowledge to set up the server wasn't so obvious a chimp could set it up.
We've been using these "Security Baselines" as we call them in our organization for a while.
We have a *LOT* of Win2K boxes spread over a continent, and whenever one's compromised, we always find that the administrator or operator was not following the baseline. I don't know of any baselined machines being compromised.
I work for an MS gold certified partner. As the network specialist, I implement MS, UNIX or Cisco based firewall/Proxy/whatever solutions, based on the customers needed. Because we're a MCGP, we have free reign over MS licenses, and can install basically all we need. This is great, because we have full access to any products we want to look at.
HOWEVER, I can't imagine what it's like for businesses/persons who have to pay for BS from MS. The cost of these products is outrageous. Sure win2k is a nice stable platform (I've been running it for over 2 months on one system, very hard on it, and it seems good), but the price? OMG.
Let me clarify this with one thing. I would gladly pay the price most companies ask for software because I know they have costs, and expect to make a reasonable return. However, knowing the sheer magnitude of the profits MS is making, surely their software doesn't need to be so expensive. They have billions and billions in the bank... Now I'm not saying they should stop turning a profit or give money back, but be reasonable about your greed!
Ack.
I also blame "boot camps" for the prevelance of MS products, but that's a whole other rant....
Max Inglis
...if I were really paranoid, I'd assume that the NSA is willing to tell people how to secure their systems because they already have a back [slashdot.org] door [slashdot.org].
I started reading the Guide to Securing Microsoft Windows 2000 File and Disk Resources [nsa.gov] and one of the first things they recommend is to "Apply the latest Windows 2000 service pack and security-related
hotfixes." I'm not MS bashing here, but isn't that a (cough) BAD IDEA?? I don't care if it's W2K, Linux, Solaris, etc. -- that's just not the way you run a production server, let alone a workstation that you are trying to make as secure as possible for sensitive info. You should always test out any patches/fixes/service packs. I would think the wording would be, "Apply the latest **NSA APPROVED** Windows 2000 service pack and security-related hotfixes."
Reams of NSA information on how to make your Win2k box "secure" just points out that Win2k was not meant for the large majorities of home users. Microsoft expects your Win2k system to be operated in a network. This includes allowing remote users to access your registry, view your clipbook, browse your directory, or connect to it via Telnet, right out of the box. It is not set up by default to be the gateway computer to the net.
I came up with a step-by-step checklist a while back for all my friends that were running non-networked Win2k home systems directly connected to the net. I don't know how good an idea it was to give step-by-step directions on how to change registry settings, but hey, no one has locked themselves out of their computer yet (at least that I know of). You can see it here:
http://www.gpick.net/sbr/security/w2ksecuritytips. htm
Typical beta testing will not uncover many of the really tricky security holes in a product. If you need proof of this, go look at the Critical Security Updates page for Windows NT 4.0. The full list of security patches since the original release reads like the first few chapters of the bible.
Unless MS is specifically recruiting thousands of beta-testers just to hack the security, they're not going to fix the important holes. I'm sure they're doing a certain amount of this sort of testing, but it clearly wasn't enough for their previous OSes. In any case, the sort of beta testing you suggest is generally not where you would expect to discover most of your security flaws. I really hope MS knows this.
Because of the amount of interest in the Windows 2000 Security Recommendation Guides, we are updating our Web site to better handle the demands placed on downloading the files. We expect to make the guides available once again during the week of June 18, 2001.
They've probably been working on the proper security settings since W2K hit the market, spending heaps of man-hours and tax dollars trying to find the right template that makes their data-protection job easier and web hosters happy. Then they make this template avaiable for public access and use (read "scrutiny"). Do you really think they'd foul the whole thing up by then inserting a back door that the whole internet-surfing world could see for themselves?
Before trying to accuse the NSA of putting a private back door into your OS, be ready to explain how your conspiracy theory would keep it private. "Relying on the stupidity of several hundred million individuals" gets cut to shreds by Occam's Razor.
Only open digitally signed Word documents received from trusted individuals via trusted paths. This is Microsoft's preferred security solution. While this can guarantee the source of the document, it does not guarantee that the trusted source was free of infection when
the document was sent.
Not to be a knee-jerk basher, but does it really surprise anyone that MS's preferred solution is inadequate?
Macro viruses pose a serious threat to Microsoft Office users. The best defense is to be alert to the danger, and to trust no document that was externally created.
Okay . . . and this the NSA spent years researching and deciding on? I mean . . . okay. I don't suppose they've got a bunch of chimps randomly banging on keyboards over there, but . . . well, it would seem that perhaps the Great and Powerful NSA could come up with something a little better than "Look both ways before crossing the street and don't talk to strangers."
Okay, posting before investigating the link is lame. So I know I'm lame.
However, I went and checked the link. They didn't "fork the kernel to get it secure enough for them." They performed some research and experimentation in secure treatment of sensitive data being integrated into an operating system. This is vastly different from the kind of security being discussed in the referenced info on Win2k.
Now, I've worked with security-clearance-required data before. I think it's absolutely fascinating to consider encoding the clearance level and need-to-know requirements into the filesystem. As others have noted, Linux is the only OS extant they could have done this kind of work with.
I don't think anything they might have added would necessarily outright interfere with the main tree, but it would almost certainly create completely unnecessary overhead for most desktop users. OTOH, it might be a big bonus for corporations concerned about industrial espionage to have such features available.
Okay, ignoring the ad-hominem "blatantly false and jingoistic" . . .
I am a rank newbie into the world of Linux/Unix/POSIX/etc. Please treat what you see as deceit and jingoism as pure, unabashed ignorance. It may not be an excuse for breaking the law, but from what I've seen it's a good enough excuse to post on/.;)
I'm posting from a Win98 machine at the moment because, quite frankly, I'm more comfortable with it. I'm not particularly an OS bigot either. I just plain didn't (and still don't) know anything about any of those other projects.
On the one hand, thank you for pointing out to me the factual errors in my assumptions and suppositions, but on the other, I guess I'd appreciate if you'd not attribute to malice what can be adequately explained by stupidity. Perhaps it's a rarity to find someone who readily admits to it, but I'm much more interested in learning new things than mud-slinging and name-calling.
Now . . . you're saying, if I understand, that the NSA's SE Linux is just hacking the Linux kernel to put in some stuff that's been talked about and even done in other OSes for years? And stuff that isn't even all that novel for Linux?
Agreed name calling is a little low, but Linux can be secured and is used in big old nokia firewalls used by the likes of BT, admittedly they stick on a number of 3rd party/proprietry software to sure things up, but most operationg systems need that.(do you run zone alarm or similar on win 2K?)
I have run win 2000 pro as well, its nice enough, and stable(I didn't run it for too long), no real complaints except the cost.
as for good software, it is out there, it just means you have to look thurther than PC world, and if you still can not find what you want, find a software company that can produce it for you - I can almost gaurentee that if you want it someone else will to.
- note I use OpenBSD rather than Linux (but thats my current personal preference)
- those who can spell care, those who can't don't -
NSA & Linux? (Score:1)
Re:An omission (Score:1)
Re:Backdoors? (Score:1)
Re:Unplugging the computer... (Score:1)
No - because it applies to processes too. For example you can't cut and paste (or pipe, I don't think SE Linux has an X server yet) classified information into an unclassified document. Much more sophisticated than any form of file permissions.
Re:Backdoors? (Score:1)
Breaking News (Score:5)
Damn! NSA was slashdotted! (Score:1)
Re:Securing win2k (Score:2)
Re:Unplugging the computer... (Score:2)
True, but just because they have the source doesn't mean they can hack on it or fork it like they can with Linux.
--
Simon
Re:Bullshit (Score:1)
--
Step 1.... (Score:2)
Re:Typical... (Score:2)
Re:Bullshit (Score:2)
-l
Re:Bullshit (Score:2)
-l
Re:Bullshit (Score:2)
-l
wow, with acres and acres of computers... (Score:1)
Still, I suppose you get SOME security by using extremely slow connections..
Your Working Boy,
- Otis (GAIM: OtisWild)
Re:Yet another DDoS attack logged... (Score:2)
NSA Uptimes... (Score:1)
Re:Unplugging the computer... (Score:2)
Yes, they did - which is pretty remarkable for an incredibly secretive organisation like the NSA.
By putting it out there under the GPL, they have. I don't know whether it's planned to integrate with the main tree or not - it may be that the features the NSA require interfere with other things more important for maintream use.
Go you big red fire engine!
Re:MS and NSA (Score:2)
While what you say is theoretically true, as a practical matter any machine that has any really secret stuff on it is always going to be air-gapped. That is, the machines that really have to be secure are simply not physically connected to the outside world, either directly or indirectly. It's the only way to be sure there won't be a remote exploit...
You can actually see the site. (Score:4)
Re:Bullshit (Score:1)
Shoving all that under "capabilities" and then arguing that since win2k outshines linux in the granularity of it's permissions model borders on dishonest. Security-feature wise, SELinux is in a whole different ballpark (B1) from both win2k and Linux.
Pretending that that patch was necessary to get Linux to be as secure as NT is dishonest (or ignorant).
Re:Hmmm. (Score:2)
Re:Question... (Score:1)
I downloaded 'em all (except the three supporting docs that I wasn't interested in) before they turned off the pipe, so if they change something, I would notice. I don't expect them to, though.
Cheers,
Re:Unplugging the computer... (Score:3)
Forking the kernel can be a good thing, and it shows how flexible linux can be...
Re:Unplugging the computer... (Score:1)
Re:Securing win2k? (Score:1)
=P
Re:Unplugging the computer... (Score:3)
With their linux dist they get many eyes looking at it and they can do anything they want with the source code to make it as secure as possible.
Given the choice of mostly secure which the nsa can get with w2k and redoing parts of linux to make it actually secure which would you choose? It seems obvious which one the nsa chose. Also they are more changes in their linux dist then just the kernel.
Re:Yet another DDoS attack logged... (Score:2)
Is bashing ms your chief joy in life? (Score:1)
For those of you over 17,
I'm going to tell you a story I heard in a movie. A little boy grows up hating his stern father because he punishes him, while he is very close to his mother because she protects him. He grows up and moves out. Later, when he's about 25, his mother dies unexpectedly at around 50. At her funeral, he's silent. His father continues to remain estranged to him but lives to an old age, and dies at 75 when the man is now 50. As he's standing at his father's graveside, he finds himself sobbing uncontrollably.
The point is that when his mother died, it was unfortunate. But, when the father died, the man, who hated his father so much, now no longer had the hate to keep him going.
The movie was a movie about how Nazis and Jews. It reminds me very much about how some of you act. Please be more interesting.
[Saint Stephen]
Re:Unplugging the computer... (Score:1)
ACLs provide very little security in
a practical sense because they are
almost impossible to administer.
Capabilities, (not the dumbass privileges of
POSIX) are the only easily administered general
security model. They are a lot less work for the kernel too.
Timing (Score:2)
The trick is to have the child lose the rights whenever the parent loses the rights.
Pure bait (Score:1)
Re:Unplugging the computer... (Score:5)
The NSA has the Win2k source code. It's very easy for universities and other establishments to get the source, slightly less easy for large companies, and slightly less easy still for small companies and individuals (although they're changing this as we speak...)
Simon
Re:NSA and MS (Score:1)
The W2K source is available for corporations with the funds. There will never come a day when CompSci students can learn OS design by looking over MS's source.
Slashdotting the NSA (Score:1)
Securing win2k (Score:2)
Step 2: Disconnect the keyboard
Step 3: Disconnect the mouse
Step 4: Disconnect the monitor
Step 5: Turn the computer off
Step 6: Unplug it
Step 7: Remove the harddrive and lock it in a safe somewhere where nobody will ever think to look for it, then promptly forget where you left it.
Step 8: Kill yourself just to be sure you don't accidently ever remember
Ok. Its secure.
-Restil
New Date Material Will Be Available (!slashdotted) (Score:1)
Because of the amount of interest in the Windows 2000 Security Recommendation Guides, we are updating our Web site to better handle the demands placed on downloading the files. We expect to make the guides available once again during the week of June 18, 2001.
Windows 2000 Security Recommendation Guides [nsa.gov]
Maintain a questioning attitude
Re:hey jackass... (Score:1)
Just kidding. It's impossible to read those pathetic forums.
Re:Yet another DDoS attack logged... (Score:1)
-----------------------------------------------
Legal Notice (Score:1)
Really? Well, I guess I shouldn't kiss this rattle snake then. Lucky I read the legal notice.
Re:Typical... (Score:1)
Why should I freely work for them for a product that they will turn around and charge me for, you ask.
If you're even a halfway productive beta tester, you don't have to pay for the OS. At least, i've never had to.
Plus, its knowing you have access to a pre-release OS in its formative stages, watching it grow and having more input than the average joe into the development of a platform destined to go on thousands of PC's. It also has benefits when it comes to one's career - When one of my previous employers moved to 2000, I already had extensive experience in 2000 and knew it intimately - moreso than any of the other NT admins. This provided a distinct advantage for me within the company which is beyond the scope of this post.
Re:Typical... (Score:1)
Typical... (Score:5)
Heres a small dose of insight, from someone who's beta tested MS operating systems for 5 years (or so.)
Microsoft listens to users suggestions. They may not respond to you, they may not integrate them into the OS. But they do listen. MS does not make an insecure operating system on purpose - Beta testers have a whole newsgroup to focus on security and how to improve it before the final build is released. Its part of their role and responsability to test for exploitable security holes - if you don't think they're doing a good enough job, how about you send a request to betareq@microsoft.com and ask to be on the next beta team for windows. Keep in mind though, they usually only want experienced users and there are checks and balances to make sure you're a functional beta tester - not just someone who enjoys bragging about having teh leet XP build #x.
The beta process is not perfect, IMHO - Bugs do get knocked down (i've thought for a long time they should let the beta testers moderate bugs) and i have an extreme distaste for setting a release date before the beta testers agree that testing is complete. XP is remarkable right now, but not perfect. This part is MS's fault.
If you have an intelligent, well-thought-out, non-kneejerk "windows sucks *chortle*" suggestion/comment regarding windows - you may go to http://www.microsoft.com/mswish/
(p.s. - When you list your beta testing experience, the following line is a bad, bad idea: "I tested (unofficially) Windows XP, 2000, ME, 98SE, 98.... you get the idea. har har har *snort*"
Re:Unplugging the computer... (Score:2)
Ah yes - DES which was deliberately weakened from 128 bits (which was the original recommendation) to 40 (which the NSA could break but hoped nobody else could)
and this supports your argument how?
--
Re:Unplugging the computer... (Score:3)
--
Re:Bullshit (Score:2)
------
Re:NSA and MS (Score:2)
Thank God for that.
Securing W2K (Score:1)
Re:Amazing (Score:2)
Just because you can see source doesn't mean that it is open source. Microsoft won't let you change the source code or build your own version of w2k. They will (for a large fee) let you look at the source to make your code work better, but they have so many rules and restrictions on the code that it next to impossible to do anything useful after you've seen the code.
Re:Securing win2k (Score:1)
(well, i don't have a windows key, but some people might)
NSA security tips (Score:2)
2) use encryption, but only really stupid encryption so that we can read it.
3) please please please use Windows - it is waay more secure than unix ok? (really!).
4) all your base are belong to us
Cool link ! Win2k security for home user (Score:2)
That link http://www.gpick.net/sbr/security/w2ksecuritytips
Re:CIA = NSA (Score:1)
Re:Bullshit (Score:1)
---
Re:Bullshit (Score:1)
---
Re: And it can't stay up for more than a few days (Score:1)
How 2 Secure W2K/IIS (Score:2)
Install W2K Server.
Install Service Pack 2
Install this IIS patch: http://www.microsoft.com/windows2000/downloads/cr
OK - lets see someone "root" that box. I can positively guarentee you won't find any box with these two simple patches applied being defaced!
Is this really that hard people? W2K is secure. IIS is not nearly - but can be with a single patch (it's a rollup of all previous patches).
db
Re:Typical... (Score:1)
Did you know that some beta testers even pay to test for Microsoft (as in: I bought winxx rc2 and sent in bugs)?
Has anyone a decent explanation for this behaviour? And is there a way I can make a profit from letting other people do the same for me? Please let me know.
Thanks.
Re:Typical... (Score:1)
Hundreds of people joined the contest. How is that for cheap labor
Re:Typical... (Score:1)
-assuming they are dumb and I am right
-asking for help to understand why people behave unlogical (to me).
The second option is much more fun and instructive. So the question I asked was not a rhetorical one, but a real one.
As for the hostility: I assume the way of thinking of the others is dumb, but I am open to different opinions to enlighten me.
Re:Rule #1 (Score:5)
Re:Some very true, but old-hat, stuff (Score:2)
Yes, it's probably too elementary for your subtle and keenly-developed sense of computer security, but these guidelines might actually be useful to the great unwashed masses, many of whom die in droves while
If 90% of the computer security fatalities are a result of supposedly trivial things to fix, that does not make it any less helpful and useful to suggest trivial fixes, given how much grief can be saved.
Yet another DDoS attack logged... (Score:5)
Re:An omission (Score:3)
Funny, I thought it was "CIAagentsareweenies".
Bullshit (Score:3)
This is probably the most false claim I've ever seen on Slashdot. SE Linux is based on research into
--
Re:Bullshit (Score:3)
That's fairly easy and rather insecure. The hard part is limiting permissions in small chunks to different programs. Basically, the assumption is that any program is potentially hostile so you want them to run with the minimum amount of permissions necessary. For example, just because I can delete files, send emails and edit the registry in Windows doesn't mean that it is the wisest thing to have any script that runs from my email program have the same permissions that I do, the same thing goes for *nix and all those buffer overflow bugs that exploit setuid(). Ideally I should be able to say "start [web server of choice] but the only thing it can do is listen on port 80 and serve read files from directories A, B, and C and everything else is explicitly disallowed to the apache process"
--
Unplugging the computer... (Score:5)
What is perhaps even more interesting is that at least Win2K can be secured to a level that is suitable for the NSA, they actually had to fork the Linux kernel [nsa.gov] to get the same functionality out of Linux.
--
Re:Bullshit (Score:5)
Sorry about that, its just sometimes people seem to just be as guilty of spreading FUD as the so-called "evil" corporations that it gets exasperating.
I apologise for those comments.
Now . . . you're saying, if I understand, that the NSA's SE Linux is just hacking the Linux kernel to put in some stuff that's been talked about and even done in other OSes for years? And stuff that isn't even all that novel for Linux?
Yes and Yes. Actually what regular Linux is implementing (which is different from what the NSA is doing with SE Linux) is POSIX 1.e capabilities or "priviledges" which involves splitting up the permissions typically given to the root user (e.g. can connect to ports under 1024, can mount kernel modules, can change ownership of files, etc) into discrete entities that can be apportioned to other users and processes. This was something that the POSIX folks tried to agree on in the eighties (or is it seventies) but never came to an agreement on how best to implement it. Check out the Linux Capabilities FAQ [kernel.org] for more information.
The NSA is working on "true capabilities" which is being able to grant and revoke extremely granular permissions to all objects/entities in the system. This concept is similar to java.policy files [arm.gov] being maintained for every entity in the system. Making sure that policies can be tracked in such a manner that they are revokable is the most difficult part (e.g. if I lose permissions to connect on a certain port or write to a certain file, then every process or file that I've created should lose those permissions as well).
--
An omission (Score:5)
This is only to be used for non-spying means. Really. There is no need for users to worry about invasion of privacy as we at the NSA are above that.
Additionally, please ensure that you give your files clear names such as "Nuke blueprints" or "Kiddie Porn". We suggest this purely to help you organise your file system.
Re:Typical... (Score:2)
Or, here's a radical idea, how about I use an OS that doesn't make me go down on my knees for the priviledge of exposing my computer to the risks of a beta version? Who's doing who the favor here, buddy?
The only "intuitive" interface is the nipple. After that, it's all learned.
Oh my god! (Score:2)
You bastards!
--------------------------------------
Re:MS and NSA (Score:2)
A (possible) side note from NSA ... (Score:3)
Re:Bullshit (Score:2)
Additionally you can give users special rights on the OS that don't have anything to do with file permissions. For instance, you can set up accounts that act only to run server processes, and you might give that account permission to act as part of the OS.
Basically, Win2K security is designed around the user, whereas in UNIX security is designed around the file.
Re:Really clever posts here (Score:2)
Securing Win2K (Score:2)
Different goals, different OS' (Score:3)
Um. May I suggest you read this [nsa.gov] document which explains the philosophy behind the kernel modifications.
Securing Windows 2000 and 'forking' (actually patching) the Kernel were both done with different goals.
In a nutshell, the modifications done to the kernel were done to impliment the 'Flask' security architecture, which (mainly) is about separation between setting and enforcing security policies, and how this is applied to the various types of resources. In addition, SELinux was the by-product of a research project, and is not used operationally by the NSA.
The suggested configurations for Windows 2000 have different goals, and is not a handbook for implimenting the Flask architecture on Windows 2000.
Re:Backdoors? (Score:4)
Suppose I set up a website with my new compiler. I give a binary download and a source download. What I don't tell people is that the binary download contains extra code which adds a backdoor to the software it compiles. It also recognises when it is compiling itself and adds all this extra code.
So now you've got a corrupt compiler which generates back doors.
Of course you have to persuade someone to download the binary compiler first. But if they're working on a system without a compiler - that's exactly what they'll do. Or they installed the compiler direct from the CD.
I'm afraid the only way to 100% sure that your compiler is not corrupt in this way is to write your own. At least one that's good enough to compile another one.
MS and NSA (Score:2)
The whole point of the specifications that they realeased if any of you accually read the thing before you started bitching about it, was it was for government agencies that were looking to set up W2K systems. By government agencies they probably ment local and state goverment, because the federal government has a set standard for their servers, and it is not W2K. They were doing this as a service to all the stupid Admins out there that mess up their W2K system because they are to retarded to read the manual and set up a good security protocol, and then go on slashdot and complain that Microsoft sucks because the knowledge to set up the server wasn't so obvious a chimp could set it up.
Been using it for a while (Score:5)
We've been using these "Security Baselines" as we call them in our organization for a while.
We have a *LOT* of Win2K boxes spread over a continent, and whenever one's compromised, we always find that the administrator or operator was not following the baseline. I don't know of any baselined machines being compromised.
Use these; they're a Good Thing.
crap (Score:4)
Agree about the cost point.... (Score:2)
You know... (Score:2)
Nah...
OK,
- B
--
Re:NSA & Linux? (Score:2)
If you did'nt find that on their wabpage you surely did not look very herd.
Latest Service Packs? (Score:2)
Win2k security for home user (Score:4)
Re:Typical... (Score:2)
Unless MS is specifically recruiting thousands of beta-testers just to hack the security, they're not going to fix the important holes. I'm sure they're doing a certain amount of this sort of testing, but it clearly wasn't enough for their previous OSes. In any case, the sort of beta testing you suggest is generally not where you would expect to discover most of your security flaws. I really hope MS knows this.
Re:Unplugging the computer... (Score:2)
You mean, like NTFS' ACL? Which NT had since forever?
Hell, NT can do it to any object whatsoever, not just files.
> Linux is the only OS extant they could have done this kind of work with.
No, they could've got any number of other OSes to do it for them.
Most Unixes has some sort of ACL capabilities, and I think that VMS has it as well.
--
Two witches watch two watches.
Re:You cannot gaurantee that anything is 100% secu (Score:2)
Since the number of truely talented hackers is small, that in itself reduce the chances of a break in.
--
Two witches watch two watches.
Re:Unplugging the computer... (Score:2)
--
Two witches watch two watches.
Re:Unplugging the computer... (Score:2)
--
Two witches watch two watches.
Secure IIS? (Score:3)
-CrackElf
netcraft says nsa runs solaris and apache (Score:2)
It's official! (Score:2)
If you try to access their reccomendation guides you get redirected to http://www.nsa.gov/winsecnote.htm [nsa.gov] which says:
Those poor bastards...Let me get this straight... (Score:2)
Before trying to accuse the NSA of putting a private back door into your OS, be ready to explain how your conspiracy theory would keep it private. "Relying on the stupidity of several hundred million individuals" gets cut to shreds by Occam's Razor.
Some very true, but old-hat, stuff (Score:3)
Not to be a knee-jerk basher, but does it really surprise anyone that MS's preferred solution is inadequate?
Okay . . . and this the NSA spent years researching and deciding on? I mean . . . okay. I don't suppose they've got a bunch of chimps randomly banging on keyboards over there, but . . . well, it would seem that perhaps the Great and Powerful NSA could come up with something a little better than "Look both ways before crossing the street and don't talk to strangers."
Re:Unplugging the computer... (Score:3)
Okay, posting before investigating the link is lame. So I know I'm lame.
However, I went and checked the link. They didn't "fork the kernel to get it secure enough for them." They performed some research and experimentation in secure treatment of sensitive data being integrated into an operating system. This is vastly different from the kind of security being discussed in the referenced info on Win2k.
Now, I've worked with security-clearance-required data before. I think it's absolutely fascinating to consider encoding the clearance level and need-to-know requirements into the filesystem. As others have noted, Linux is the only OS extant they could have done this kind of work with.
I don't think anything they might have added would necessarily outright interfere with the main tree, but it would almost certainly create completely unnecessary overhead for most desktop users. OTOH, it might be a big bonus for corporations concerned about industrial espionage to have such features available.
Re:Bullshit (Score:3)
Okay, ignoring the ad-hominem "blatantly false and jingoistic" . . .
I am a rank newbie into the world of Linux/Unix/POSIX/etc. Please treat what you see as deceit and jingoism as pure, unabashed ignorance. It may not be an excuse for breaking the law, but from what I've seen it's a good enough excuse to post on /. ;)
I'm posting from a Win98 machine at the moment because, quite frankly, I'm more comfortable with it. I'm not particularly an OS bigot either. I just plain didn't (and still don't) know anything about any of those other projects.
On the one hand, thank you for pointing out to me the factual errors in my assumptions and suppositions, but on the other, I guess I'd appreciate if you'd not attribute to malice what can be adequately explained by stupidity. Perhaps it's a rarity to find someone who readily admits to it, but I'm much more interested in learning new things than mud-slinging and name-calling.
Now . . . you're saying, if I understand, that the NSA's SE Linux is just hacking the Linux kernel to put in some stuff that's been talked about and even done in other OSes for years? And stuff that isn't even all that novel for Linux?
Re:Really clever posts here (Score:3)
I have run win 2000 pro as well, its nice enough, and stable(I didn't run it for too long), no real complaints except the cost.
as for good software, it is out there, it just means you have to look thurther than PC world, and if you still can not find what you want, find a software company that can produce it for you - I can almost gaurentee that if you want it someone else will to.
- note I use OpenBSD rather than Linux (but thats my current personal preference)
- those who can spell care, those who can't don't -