Information Security News mailing list archives

Re: Linux snares security tool


From: InfoSec News <isn () c4i org>
Date: Mon, 12 Nov 2001 03:41:03 -0600 (CST)

Forwarded from: Me <joe () plaguesplace dyndns org>

On Fri, Nov 09, 2001 at 02:54:32AM -0600, InfoSec News wrote:

Forwarded from: Ejovi B. Nuwere <ejovi () ejovi net>
Cc: nicole.bellamy () zdnet com au
 

[snip]

 
Or are you saying that it works on Linux? I'm confused. I suspect you
are too. Why did you not research the subject? If you had, you would
have found tripwire (http://www.tripwire.org/), which has been around
and widely used for almost 10 years.

What about quoting experts other than the company CEO? Either you've
been had, or need a refresher course in journalistic integrity.

Your friend,
ejovi

On Fri, Nov 09, 2001 at 02:57:46AM -0600, InfoSec News wrote:

Forwarded from: security curmudgeon <jericho () attrition org>
cc: nicole.bellamy () zdnet com au, errata submission <errata () attrition org>

Unless there is more to it, this claim is completely wrong.

Hell, one could argue that "syslog" matches this description since it
will log audit related events.
 
[snip]

I think there is more to it.

This is not the same thing as tripwire or any other host-based
intrusion detection system.  This is more like the security auditing
system that you would find described in the rainbow books.  You would
find such an auditing system on a C2 trusted system or higher.  This
is something that has been woefully lacking on linux systems.  We have
had the mandatory access control lists.  This auditing system goes
hand in hand with MACs.

http://www.fas.org/irp/nsa/rainbow/tg001.htm

http://www.intersectalliance.com/projects/Snare/index.html

joe

-- 
Don't forget to feed your brainworms chocolate covered mothballs or the pigs
will eat grandma on the farm.
--paraphrased Joe Walsh from the Drew Carey allstar improv.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

