IDS mailing list archives
Re: self authentication for sensors in ids ?
From: Stefano Zanero <stefano.zanero () ieee org>
Date: Fri, 30 Jan 2004 12:59:46 +0100
Michal Melewski wrote:
2. If IDS administrator is sure, that sensor hasn't been compromised he gives the sensor a password for his gpg key and activate it.
How ? A password of which key ?
3. When sensor is active he can send alarms and each packet should be signed and encrypted, and of course supplied with a md5 sum (or better sha1) of currently running code.
And what is there to prevent an abuser to send packets with the known good md5sum ?
If attacker managed to replace a sensor, the gpg sign wouldn't be valid
Again: how is that possible ? Where do you store the password ? If it's in the running code on a compromised machine, it's not secure.
Stefano --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- self authentication for sensors in ids ? Gaurav_Jindal (Jan 12)
- Re: self authentication for sensors in ids ? Martin Roesch (Jan 12)
- Re: self authentication for sensors in ids ? Stefano Zanero (Jan 12)
- Re: self authentication for sensors in ids ? Yoann Vandoorselaere (Jan 13)
- Re: self authentication for sensors in ids ? Michal Melewski (Jan 28)
- Re: self authentication for sensors in ids ? Stefano Zanero (Jan 30)
- Re: self authentication for sensors in ids ? Michal Melewski (Jan 30)
- Re: self authentication for sensors in ids ? Stefano Zanero (Jan 30)
- Re: self authentication for sensors in ids ? Martin Roesch (Jan 12)