> For a particular user, his 10/100 bucks and personal data is all that
> matters. When it comes to virus-protection/security, it is important
> to defend against *all* forms of possible attacks to the best extent.

This is true; agreed.

> Possible vulnerabilities only increases with the software stack. Not
> always should it be in the kernel or the database.
>
> Some of the below reports should help one recognise it (for Solaris):
> [1] http://support.bb4.com/archive/200105/msg00218.html
> [2] http://www.virus.org/news/unix-security/solaris-telne-worm.html
> [3] http://blogs.sun.com/security/entry/solaris_in_telnet_worm_seen
> [4] http://www.chkrootkit.org -> Check the long list of rootkits.
> any of the rootkits are applicable for Solaris.
>
> I keep receiving the CERT advisories related to some of the platforms
> (including Solaris) that mention about the vulnerabilities and the
> patches to apply. This doesn't seem to indicate that Solaris systems
> are unbreakable in spite of user following all the correct practices.
> Check the number of security patches that are released every two
> months.

Surely you jest! The sadmind attack is *ancient*; the telnet hole has been patched a long time ago -- in a network security world, that's *eons*. The only thing that counts is a 0-day attack that's unpublished. Rootkits must exploit a hole in the service running on an open port -- but what will you exploit if the only thing that's running on a system is an unvulnerable version of sshd? You have two choices -- either you start a brute force attack, which will take ages, and will light up the monitoring system like an x-mas tree, or you try to find a previously undiscovered hole in sshd. And of course, what good will a brute force attack do on an sshd which is configured to only accept keys and has passwd auth specifically disabled? Better hope for a buffer overrun, since sshd is still one of the few services running as root.

That said, let's presume you are successful and land into the system. But the only thing you find is a "blind" system that can't go anywhere and can't "see" anything -- in other words, you landed into a trap, a jail that you might be able to get in, but can't get out of.

As for the links you posted, I knew of those when they first "came out" -- what kind of a security engineer would I be if I didn't? Not a very good one, I'd say.

Remember: there is currently no technology to compensate for human stupidity. If the sysadmin is stupid enough not to lock the system down, no engineer can compensate for that.

This message posted from opensolaris.org
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
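The reply above rests on two defender-side claims: that sshd should accept keys only with password authentication disabled, and that a password brute-force attempt against such a host is loud enough to light up monitoring. The following is an added example, not code from the thread or from any Solaris or OpenSSH project: it audits an `sshd_config` body for the key-only settings the message names, and it counts `Failed password` lines per source address in sshd auth-log lines to flag a burst. The config fragments and the log lines are constructed samples for a hypothetical host; the thresholds are assumptions.

```python
"""Added example (not from the opensolaris-discuss thread).

1. audit_sshd_config(): checks that an sshd_config text enforces key-only
   login (PasswordAuthentication no, PubkeyAuthentication yes) and forbids
   root login.
2. detect_bruteforce(): counts failed-password lines per source address in
   sshd auth-log lines and flags sources that exceed a threshold inside a
   sliding time window, i.e. what "lighting up the monitoring" looks like.

Config fragments and log lines are constructed samples, not captured data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd_config fragments for a hypothetical host.
WEAK_SSHD_CONFIG = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

HARDENED_SSHD_CONFIG = """
Port 22
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

# Directives the message above calls for: keys only, no password auth.
REQUIRED = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",
}


def parse_sshd_config(text):
    """Return {directive_lower: value}; comments and blank lines are skipped.
    sshd uses the first occurrence of a keyword, so later duplicates lose."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        directives.setdefault(key, value)  # first occurrence wins, as in sshd
    return directives


def audit_sshd_config(text):
    """Return a list of findings; an empty list means key-only auth is enforced.
    A missing directive is reported too, since PasswordAuthentication defaults
    to yes in OpenSSH and an explicit value is what an auditor wants to see."""
    directives = parse_sshd_config(text)
    findings = []
    for key, wanted in REQUIRED.items():
        actual = directives.get(key)
        if actual is None:
            findings.append(f"{key} not set explicitly (wanted {wanted})")
        elif actual.lower() != wanted:
            findings.append(f"{key} is {actual} (wanted {wanted})")
    return findings


# Constructed auth-log lines in the traditional syslog shape (hypothetical).
SAMPLE_AUTH_LOG = """\
Mar 12 03:14:01 host sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51000 ssh2
Mar 12 03:14:02 host sshd[2102]: Failed password for root from 192.0.2.10 port 51001 ssh2
Mar 12 03:14:02 host sshd[2103]: Failed password for invalid user oracle from 192.0.2.10 port 51002 ssh2
Mar 12 03:14:03 host sshd[2104]: Failed password for root from 192.0.2.10 port 51003 ssh2
Mar 12 03:14:05 host sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 51004 ssh2
Mar 12 03:14:06 host sshd[2106]: Failed password for root from 192.0.2.10 port 51005 ssh2
Mar 12 03:20:10 host sshd[2200]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar 12 03:20:30 host sshd[2201]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {src: max_failures_in_window} for sources with at least
    `threshold` failed password attempts inside any `window`-long interval."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and other noise are not counted
        # syslog timestamps carry no year; relative ordering is all we need
        ts = datetime.strptime(re.sub(r"\s+", " ", m.group("ts")), "%b %d %H:%M:%S")
        attempts[m.group("src")].append(ts)
    flagged = {}
    for src, times in attempts.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):  # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    print("weak config findings:", audit_sshd_config(WEAK_SSHD_CONFIG))
    print("hardened config findings:", audit_sshd_config(HARDENED_SSHD_CONFIG))
    print("brute-force sources:", detect_bruteforce(SAMPLE_AUTH_LOG))
```

Once `PasswordAuthentication no` is in place the `Failed password` lines stop appearing at all, because sshd never offers the method; the detector then only matters for hosts where the audit still reports findings, which is the point the reply makes.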